On 09/07/2013 12:52 AM, Gregory Maxwell wrote: > Regardless, I think that argument would be an ignorant one: > Approximately no one runs non-ECDH PFS on the web: it's insanely slow > and it breaks clients. Hmm. Isn't non-ECDH PFS just straight integer (mod N) Diffie-Hellman? And that's what is insanely slow? Andrew.