diff --git a/introduction-review-sander/draft-bradleylundberg-cfrg-arkg.html b/introduction-review-sander/draft-bradleylundberg-cfrg-arkg.html index 3373736..ac76a2c 100644 --- a/introduction-review-sander/draft-bradleylundberg-cfrg-arkg.html +++ b/introduction-review-sander/draft-bradleylundberg-cfrg-arkg.html @@ -1298,7 +1298,9 @@

for offline scenarios, ARKG enables pre-generation of public keys for single-use credentials without needing to access the hardware security device that holds the private keys. For online scenarios, ARKG gives the credential issuer assurance -that all derived private keys are bound to the same secure hardware element.

+that all derived private keys are bound to the same secure hardware element. +In both cases, application performance may be improved +since public keys can be generated in a general-purpose execution environment instead of a secure enclave.

  • Enhanced forward secrecy: diff --git a/introduction-review-sander/draft-bradleylundberg-cfrg-arkg.txt b/introduction-review-sander/draft-bradleylundberg-cfrg-arkg.txt index 2157361..b403250 100644 --- a/introduction-review-sander/draft-bradleylundberg-cfrg-arkg.txt +++ b/introduction-review-sander/draft-bradleylundberg-cfrg-arkg.txt @@ -133,7 +133,10 @@ Table of Contents use credentials without needing to access the hardware security device that holds the private keys. For online scenarios, ARKG gives the credential issuer assurance that all derived private - keys are bound to the same secure hardware element. + keys are bound to the same secure hardware element. In both + cases, application performance may be improved since public keys + can be generated in a general-purpose execution environment + instead of a secure enclave. * *Enhanced forward secrecy*: The use of ARKG can facilitate forward secrecy in certain contexts. For instance, section 8.5.4 of RFC