> Isn’t the most obvious issue that more than one party have the private
keys?
This is inaccurate. Trust Expressions does not define or propose any form
of key escrow, nor are there any changes to which parties control the
private keys of a connection. I encourage you (and others!) to read the
arass one of the chairs,
especially given that this episode was released 8 months ago.
-dadrian
On Mon, Jun 3, 2024 at 12:34 PM D. J. Bernstein wrote:
> Thanks to Martin Thomson, Bas Westerbaan, and David Adrian for the
> measurement data. I'm still puzzled as to what led to the statement tha
I don't really see why popularity of previous methods is relevant to
picking what the necessarily new method will be is, but from the
perspective of Chrome on Windows, across all ephemeral TCP TLS (1.2 and
1.3, excluding 1.2 RSA), the breakdown is roughly:
15% P256
3% P384
56% X25519
26%
Hi Dennis,
There is certainly a discussion to be had about how well Trust Expressions
solves problems experienced by the HTTPS ecosystem and the Web PKI today.
However, that requires moving past repeated, unsubstantiated claims about
how Trust Expressions enables government surveillance,
I recognize I don't participate on this list very often, but I also agree
with TLS 4.0 and Dan's argument. I teach an undergraduate security course
at Michigan; students have enough trouble keeping track of SSL vs TLS
versions as it is. Jumping to 4.0 allows us to end this versioning debacle
now.
On Wed, Jun 29, 2016 at 12:25 PM Brian Smith wrote:
> Dmitry Khovratovich wrote:
> > It allows cheap and memoryless verification by the server even though the
> > puzzle solving guaranteely requires dozens of MB of RAM from a client
>
> I feel like