Uh, what? “Elliptic Curve Digital Signature (ECDSA) is the new kid on the block and makes for much smaller key sizes but isn’t quite as performance friendly or compatible as the old standby RSA.”https://aws.amazon.com/blogs/aws/aws-certificate-manager-launches-private-certificate-authority/ …
-
-
Replying to @grittygrease
We probably over-simplified that blog post. It's being updated, but here's where it came from, for those interested in the minutia: key size and compatibility are uncontroversial, the perf story is harder. Basically: ECDSA saves CPU/time on the server side, but not the client ..
2 replies 1 retweet 5 likes -
Replying to @colmmacc @grittygrease
Here's "openssl speed" for a simple example, ECDSA Vs RSA for verify. In wall-clock time: we've measured about an 80 microsecond hit. Keep in mind that ACM Private CA is for client certificates.pic.twitter.com/UVT97hMRlN
3 replies 1 retweet 3 likes -
Replying to @colmmacc @grittygrease
What prehistoric version of OpenSSL are you running? On my laptop: sign verify sign/s verify/s 256 bit ecdsa (nistp256) 0.0000s 0.0001s 20298.7 10773.3
2 replies 0 retweets 0 likes
That's from 0.9.8zh ... which isn't uncommon, and sadly, it's not nearly the slowest out of what's out there!
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.