On Fri, Sep 6, 2013 at 6:49 PM, Marcus D. Leech <mle...@ripnet.com> wrote:
> It seems to me that while PFS is an excellent back-stop against NSA > having/deriving a website RSA key Well, it helps against passive eavesdropping. However if the NSA has a web site's private TLS key, they can still MitM the traffic, even with PFS. Likewise with "perfect" forward secrecy, they can collect and store all your traffic for the next 10-20 years when they get a large quantum computer, and decrypt your traffic then. PFS is far from "perfect" -- Tony Arcieri
_______________________________________________ The cryptography mailing list cryptography@metzdowd.com http://www.metzdowd.com/mailman/listinfo/cryptography