[146758] in cryptography@c2.net mail archive

Re: [Cryptography] In the face of "cooperative" end-points,

daemon@ATHENA.MIT.EDU (Tony Arcieri)
Sat Sep 7 16:35:37 2013

X-Original-To: cryptography@metzdowd.com
In-Reply-To: <522A8626.9030708@ripnet.com>
From: Tony Arcieri <bascule@gmail.com>
Date: Sat, 7 Sep 2013 13:27:00 -0700
To: "Marcus D. Leech" <mleech@ripnet.com>
Cc: cryptography@metzdowd.com
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com

On Fri, Sep 6, 2013 at 6:49 PM, Marcus D. Leech <mleech@ripnet.com> wrote:

> It seems to me that while PFS is an excellent back-stop against NSA
> having/deriving a website RSA key


Well, it helps against passive eavesdropping. However, if the NSA has a web
site's private TLS key, they can still MitM the traffic, even with PFS.

Likewise with "perfect" forward secrecy, they can collect and store all
your traffic for the next 10-20 years when they get a large quantum
computer, and decrypt your traffic then.

PFS is far from "perfect".

-- 
Tony Arcieri
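
Added example, not part of Tony Arcieri's message: a toy signed ephemeral Diffie-Hellman handshake illustrating the distinction drawn above between passive recording and an active man-in-the-middle who holds the site's long-term key. The group, the textbook-RSA key and all function names are constructed for illustration and are not TLS.

```python
import hashlib, secrets

# Toy parameters, constructed for this example; far too small for real use.
P, G = 2**127 - 1, 3                      # DH group (Mersenne prime modulus)
RSA_P, RSA_Q, RSA_E = 2**61 - 1, 2**89 - 1, 65537
RSA_N = RSA_P * RSA_Q                     # site's long-term public key (N, E)
RSA_D = pow(RSA_E, -1, (RSA_P - 1) * (RSA_Q - 1))  # long-term private key

def _digest(share):
    return int.from_bytes(hashlib.sha256(share.to_bytes(16, "big")).digest(), "big") % RSA_N

def sign(priv, share):
    """Textbook RSA signature over a DH share (stand-in for the TLS signature)."""
    return pow(_digest(share), priv, RSA_N)

def verify(share, sig):
    return pow(sig, RSA_E, RSA_N) == _digest(share)

def ephemeral():
    secret = secrets.randbelow(P - 2) + 1
    return secret, pow(G, secret, P)

def session_key(my_secret, peer_share):
    shared = pow(peer_share, my_secret, P)
    return hashlib.sha256(shared.to_bytes(16, "big")).hexdigest()

def honest_handshake():
    """Passive case: the recorded transcript is (c_pub, s_pub, sig)."""
    c_sec, c_pub = ephemeral()
    s_sec, s_pub = ephemeral()
    sig = sign(RSA_D, s_pub)
    assert verify(s_pub, sig)
    # The key depends only on the ephemeral secrets, which are discarded after
    # the session; RSA_D is not an input, so its later disclosure does not
    # reveal this key from the transcript.
    return session_key(c_sec, s_pub), session_key(s_sec, c_pub)

def intercepted_handshake():
    """Active case: a party holding RSA_D answers in the server's place."""
    c_sec, c_pub = ephemeral()
    m_sec, m_pub = ephemeral()            # interceptor's own ephemeral share
    sig = sign(RSA_D, m_pub)              # valid under the site's public key
    accepted = verify(m_pub, sig)         # client has no way to tell
    return accepted, session_key(c_sec, m_pub), session_key(m_sec, c_pub)

if __name__ == "__main__":
    print(honest_handshake())
    print(intercepted_handshake())
```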
