> > One solution, preventing passive attacks, is for major browsers > > and websites to switch to using PFS ciphersuites (i.e. those > > based on ephemeral Diffie-Hellmann key exchange).
It occurred to me yesterday that this seems like something all major service providers should be doing. I'm sure that some voices will say additional delay harms user experience. Such voices should be ruthlessly ignored. Perry -- Perry E. Metzger pe...@piermont.com _______________________________________________ The cryptography mailing list cryptography@metzdowd.com http://www.metzdowd.com/mailman/listinfo/cryptography