In response to Perry's editorial comment:
William Allen Simpson wrote:
> [I'm not sure I like this definition, Bill. It would make exchange of
> random session keys by RSA a form of PFS, which it most certainly
> isn't. The definition from Diffie et al given in another message
> really conveys the flavor properly. --Perry]
>
An exchange of random session keys by RSA provides Forward Secrecy,
assuming the keys are truly random. The disclosure of one key won't
reveal previous keys.
Once the private RSA key is _destroyed_ PFS is attained.
Note that it is the inability to recover secret information that
provides "perfect" forward secrecy, moving from "hard" to "impossible".
I'll have to look up the '90 and '92 references when I get home.
[EMAIL PROTECTED]
Key fingerprint = 17 40 5E 67 15 6F 31 26 DD 0D B9 9B 6A 15 2C 32
