On Fri, Sep 6, 2013 at 6:49 PM, Marcus D. Leech <mle...@ripnet.com> wrote:

> It seems to me that while PFS is an excellent back-stop against NSA
> having/deriving a website RSA key

Well, it helps against passive eavesdropping. However if the NSA has a web
site's private TLS key, they can still MitM the traffic, even with PFS.

Likewise with "perfect" forward secrecy, they can collect and store all
your traffic for the next 10-20 years when they get a large quantum
computer, and decrypt your traffic then.

PFS is far from "perfect"

Tony Arcieri
The cryptography mailing list

Reply via email to