Uh, what? “Elliptic Curve Digital Signature (ECDSA) is the new kid on the block and makes for much smaller key sizes but isn’t quite as performance friendly or compatible as the old standby RSA.” https://aws.amazon.com/blogs/aws/aws-certificate-manager-launches-private-certificate-authority/ …
-
Every handshake has a sign and a verify.

RSA sign+verify: 0.00217+0.00005=0.00222s
ECDSA sign+verify: 0.0002+0.0007=0.0009s

Maybe what you're trying to say is this:
- we're optimizing for *server* CPU
- the server does the verify in client auth
- this CA is only for client certs
-
Maybe too much nuance for a Twitter thread too! In the case of Private CA, typically our customers are running both the servers and the clients, and we've found that ECDSA can degrade performance because verify is more expensive.
-
If your verification performance is so tight that you are using RSA and you're using PSS, have you measured performance with e=3?
-
ACM private CA vends X.509 certs for AWS customers, so the keys can be used in almost any context. Unfortunately PSS isn't very common out there. We focus on the cases such as mutual-auth TLS and code-signing with the most usual libraries/implementations.