Uh, what? “Elliptic Curve Digital Signature (ECDSA) is the new kid on the block and makes for much smaller key sizes but isn’t quite as performance friendly or compatible as the old standby RSA.”https://aws.amazon.com/blogs/aws/aws-certificate-manager-launches-private-certificate-authority/ …
-
-
Our EC2 network RTTs are in tens of micros too, so it can show up. Moral of the story: ECDSA can slow things down end-to-end. But probably too nuanced a take for a launch blog post.
-
Every handshake has a sign and a verify. RSA sign+verify: 0.00217+0.00005=0.00222s ECDSA sign+verify: 0.0002+0.0007=0.0009s Maybe what you're trying to say is this: - we're optimizing for *server* CPU - the server does the verify in client auth - this CA is only for client certs
- 2 more replies
New conversation -
-
-
What prehistoric version of OpenSSL are you running? On my laptop: sign verify sign/s verify/s 256 bit ecdsa (nistp256) 0.0000s 0.0001s 20298.7 10773.3
-
That's from 0.9.8zh ... which isn't uncommon, and sadly, it's not nearly the slowest out of what's out there!
End of conversation
New conversation -
-
-
To be nitpicking those key sizes aren’t even close to provide the same security.pic.twitter.com/8qByzKL5nl
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.