sks-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Sks-devel] ECC HTTPS certs for HKPS

From: Kristian Fiskerstrand
Subject: Re: [Sks-devel] ECC HTTPS certs for HKPS
Date: Sun, 2 Apr 2017 12:44:08 +0200
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.7.0 
On 04/02/2017 07:07 AM, Phil Pennock wrote:
> We need to know it won't break clients.  So, setting up a keyserver
> where dual-stack is present and asking people to point clients at it,
> should help.

In addition to not actually breaking clients, it'd be useful with some
indication that added complexity has any value at all. In most cases ECC
is lower security margin for lower interoperability. I'm still not
convinced we have anything to gain by doing any dual-stack approach that
also includes an increased workload to manage the certs.

-- 
----------------------------
Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk
----------------------------
Public OpenPGP keyblock at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
----------------------------
Corruptissima re publica plurimæ leges
The greater the degeneration of the republic, the more of its laws

Attachment: signature.asc
Description: OpenPGP digital signature

reply via email to
[Prev in Thread] Current Thread [Next in Thread]