[146648] in cryptography@c2.net mail archive

[Cryptography] People should turn on PFS in TLS (was Re: Fwd:

daemon@ATHENA.MIT.EDU (Perry E. Metzger)
Fri Sep 6 10:36:13 2013

X-Original-To: cryptography@metzdowd.com
Date: Fri, 6 Sep 2013 10:36:07 -0400
From: "Perry E. Metzger" <perry@piermont.com>
To: james hughes <hughejp@mac.com>
In-Reply-To: <136DD074-63F0-49B5-8A2F-AA92B37643B8@mac.com>
Cc: Cryptography Mailing List <cryptography@metzdowd.com>
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com

> > One solution, preventing passive attacks, is for major browsers
> > and websites to switch to using PFS ciphersuites (i.e. those
> > based on ephemeral Diffie-Hellman key exchange).

It occurred to me yesterday that this seems like something all major
service providers should be doing. I'm sure that some voices will say
additional delay harms user experience. Such voices should be
ruthlessly ignored.

Perry
-- 
Perry E. Metzger		perry@piermont.com
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
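
Added example, not part of the original message: one way to check whether a server's cipher preference list actually delivers the ephemeral Diffie-Hellman key exchange discussed above. The function names and the sample cipher lists are constructed for illustration; suite names follow OpenSSL and IANA conventions.

```python
import re

EPHEMERAL = {"ECDHE", "DHE", "EDH"}          # EDH is OpenSSL's legacy alias for DHE
TLS13 = re.compile(r"^TLS_(AES|CHACHA20)_")  # TLS 1.3 names; key exchange is always (EC)DHE


def is_forward_secret(suite):
    """True for authenticated ephemeral (EC)DHE suites, by OpenSSL or IANA name.

    Static RSA/DH/ECDH suites return False. Anonymous DH suites (ADH, AECDH,
    DH_anon) and unrecognised names also return False, so the check fails closed.
    """
    if TLS13.match(suite):
        return True
    name = suite.upper()
    if name.startswith("TLS_"):
        name = name[4:]
    # The key-exchange token is the first field in both naming styles.
    return re.split(r"[-_]", name)[0] in EPHEMERAL


def audit(preference_order):
    """Classify a server cipher list given most-preferred first.

    Returns (status, non_pfs_suites) where status is one of:
      enforced       only forward-secret suites are enabled
      preferred      every forward-secret suite outranks every other suite
      not-preferred  some non-forward-secret suite outranks a forward-secret one
      absent         no forward-secret suite is enabled
    """
    flags = [is_forward_secret(s) for s in preference_order]
    weak = [s for s, ok in zip(preference_order, flags) if not ok]
    if not any(flags):
        return "absent", weak
    if not weak:
        return "enforced", weak
    last_pfs = len(flags) - 1 - flags[::-1].index(True)
    status = "preferred" if flags.index(False) > last_pfs else "not-preferred"
    return status, weak


if __name__ == "__main__":
    # Constructed sample configurations, not taken from any real server.
    samples = {
        "rsa-first": ["RC4-SHA", "AES128-SHA", "DHE-RSA-AES128-SHA"],
        "pfs-first": ["ECDHE-RSA-AES128-GCM-SHA256", "DHE-RSA-AES128-SHA", "AES128-SHA"],
        "pfs-only": ["TLS_AES_128_GCM_SHA256", "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"],
    }
    for label, suites in samples.items():
        print(label, audit(suites))
```

A status of "preferred" still lets a client that offers only static-RSA suites negotiate one; only "enforced" guarantees every session uses ephemeral key exchange.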
