Hacker News new | past | comments | ask | show | jobs | submit login

RSA is a bad idea in key exchanges as well.



One can generate session RSA keys that are signed with previous keys. That eliminates the forward secrecy objection to RSA, in my opinion.


tptacek: I think this sub-thread has been mainly to explain what RSA could be used for, not that it would be a good idea. On the side note, I have been positively surprised to see how many devices support ECDHE key exchange.

Also, do you have a good resource that explains the drawbacks of RSA key exchange in more details?


https://en.wikipedia.org/wiki/Forward_secrecy


Very good point! I was thinking about other potential drawbacks, but this must be the biggest! We're talking about PFS in the next article - https://fly.io/articles/how-ciphersuites-work/




Consider applying for YC's Spring batch! Applications are open till Feb 11.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: