[147072] in cryptography@c2.net mail archive
Re: [Cryptography] Perfection versus Forward Secrecy
daemon@ATHENA.MIT.EDU (Tony Arcieri)
Thu Sep 12 17:12:33 2013
X-Original-To: cryptography@metzdowd.com
In-Reply-To: <201309120300.r8C306qK001419@new.toad.com>
From: Tony Arcieri <bascule@gmail.com>
Date: Thu, 12 Sep 2013 09:33:34 -0700
To: John Gilmore <gnu@toad.com>
Cc: Crypto <cryptography@metzdowd.com>
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com
--===============0382904560605235817==
Content-Type: multipart/alternative; boundary=089e0122f8fcc9268e04e6324d3d
--089e0122f8fcc9268e04e6324d3d
Content-Type: text/plain; charset=ISO-8859-1
On Wed, Sep 11, 2013 at 8:00 PM, John Gilmore <gnu@toad.com> wrote:
> There doesn't seem to be much downside to just calling it "Forward
> Secrecy" rather than "Perfect Forward Secrecy". We all seem to agree
> that it isn't perfect, and that it is a step forward in security, at a
> moderate cost in latency and performance.
What's really bothered me about the phrase "perfect forward secrecy" is
it's being applied to public key algorithms we know will be broken as soon
as a large quantum computer has been built (in e.g. a decade or two).
Meanwhile people seem to think that it's some sort of technique that will
render messages unbreakable forever.
--
Tony Arcieri
--089e0122f8fcc9268e04e6324d3d
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
<div dir=3D"ltr">On Wed, Sep 11, 2013 at 8:00 PM, John Gilmore <span dir=3D=
"ltr"><<a href=3D"mailto:gnu@toad.com" target=3D"_blank" onclick=3D"wind=
ow.open('https://mail.google.com/mail/?view=3Dcm&tf=3D1&to=3Dgn=
u@toad.com&cc=3D&bcc=3D&su=3D&body=3D','_blank'=
);return false;">gnu@toad.com</a>></span> wrote:<br>
<div class=3D"gmail_extra"><div class=3D"gmail_quote"><blockquote class=3D"=
gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-=
left:1ex">There doesn't seem to be much downside to just calling it &qu=
ot;Forward<br>
Secrecy" rather than "Perfect Forward Secrecy". =A0We all se=
em to agree<br>
that it isn't perfect, and that it is a step forward in security, at a<=
br>
moderate cost in latency and performance.</blockquote><div><br></div><div>W=
hat's really bothered me about the phrase "perfect forward secrecy=
" is it's being applied to public key algorithms we know will be b=
roken as soon as a large quantum computer has been built (in e.g. a decade =
or two). Meanwhile people seem to think that it's some sort of techniqu=
e that will render messages unbreakable forever.</div>
<div><br></div></div>-- <br>Tony Arcieri<br>
</div></div>
--089e0122f8fcc9268e04e6324d3d--
--===============0382904560605235817==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
--===============0382904560605235817==--
