> > One solution, preventing passive attacks, is for major browsers
> > and websites to switch to using PFS ciphersuites (i.e. those
> > based on ephemeral Diffie-Hellman key exchange).

It occurred to me yesterday that this seems like something all major
service providers should be doing. I'm sure that some voices will say
additional delay harms user experience. Such voices should be
ruthlessly ignored.

