On Sep 10, 2013, at 1:55 PM, Theodore Ts'o <[email protected]> wrote:
>
> Also, perfect forward secrecy (PFS) versus non-PFS. If we are going
> to make encryption a SHOULD or a MUST, so should be PFS. Even if the
> key management is a problem, or worse, let's suppose the NSA has the
> private keys for a number of the major CA's, if everything is using
> PFS, then an attacker who is interested in doing bulk surveillance
> will have to MITM all of the traffic. That will take a large amount
> of power and cooling, so it becomes a lot more expensive to do bulk
> surveillance, and it will also be much, MUCH harder to do it covertly
> (you can't just hide a box in a telephone closet somewhere; but rather
> racks and racks of servers at Tier 1 NAP's will be required).
Sounds reasonable. -- Dean
_______________________________________________ perpass mailing list [email protected] https://www.ietf.org/mailman/listinfo/perpass
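The quoted argument, as an added example that is not part of the thread: a passive wiretap records handshakes today and the server's long-term private key leaks tomorrow. With a non-PFS exchange (the long-term key doubles as the key-exchange key, as in TLS static DH or RSA key transport) the recording decrypts offline; with an ephemeral exchange it does not, and the adversary has to sit in the path at handshake time and do the per-flow work Ted describes. The group constant is the RFC 3526 2048-bit MODP prime, the record layer is a stand-in XOR stream cipher rather than a real AEAD, and the signature a real TLS server would put over its ephemeral share is omitted; none of the logic depends on those choices.

```python
"""Forward secrecy: passive recording + later key compromise vs. live MITM.
Constructed demonstration (stdlib only); not code from the perpass list."""
import hashlib
import secrets
from dataclasses import dataclass

# RFC 3526 group 14 (2048-bit MODP), generator 2.  Any large safe prime would
# serve; nothing below depends on this exact constant.
P = int("".join("""
FFFFFFFF FFFFFFFF C90FDAA2 2168C234 C4C6628B 80DC1CD1 29024E08 8A67CC74
020BBEA6 3B139B22 514A0879 8E3404DD EF9519B3 CD3A431B 302B0A6D F25F1437
4FE1356D 6D51C245 E485B576 625E7EC6 F44C42E9 A637ED6B 0BFF5CB6 F406B7ED
EE386BFB 5A899FA5 AE9F2411 7C4B1FE6 49286651 ECE45B3D C2007CB8 A163BF05
98DA4836 1C55D39A 69163FA8 FD24CF5F 83655D23 DCA3AD96 1C62F356 208552BB
9ED52907 7096966D 670C354E 4ABC9804 F1746C08 CA18217C 32905E46 2E36CE3B
E39E772C 180E8603 9B2783A2 EC07A28F B5C55DF0 6F4C52C9 DE2BCBF6 95581718
3995497C EA956AE5 15D22618 98FA0510 15728E5A 8AACAA68 FFFFFFFF FFFFFFFF
""".split()), 16)
G = 2


def dh_keypair():
    """Private exponent x in [2, P-2] and public value g^x mod P."""
    priv = 2 + secrets.randbelow(P - 3)
    return priv, pow(G, priv, P)


def derive_key(peer_pub: int, own_priv: int) -> bytes:
    """Session key = SHA-256 of the shared secret g^(xy) mod P."""
    shared = pow(peer_pub, own_priv, P)
    return hashlib.sha256(shared.to_bytes(256, "big")).digest()


def xor_stream(key: bytes, data: bytes) -> bytes:
    """Toy record layer: keystream block i = SHA-256(key || i).  Symmetric."""
    out = bytearray()
    for off in range(0, len(data), 32):
        ks = hashlib.sha256(key + off.to_bytes(8, "big")).digest()
        out.extend(a ^ b for a, b in zip(data[off:off + 32], ks))
    return bytes(out)


@dataclass(frozen=True)
class Transcript:
    """Everything a passive wiretap captures from one session."""
    server_pub: int
    client_pub: int
    ciphertext: bytes


def handshake(server_dh_priv: int, server_dh_pub: int, plaintext: bytes) -> Transcript:
    """One client<->server session; returns only what crossed the wire."""
    client_priv, client_pub = dh_keypair()
    k_client = derive_key(server_dh_pub, client_priv)
    k_server = derive_key(client_pub, server_dh_priv)
    assert k_client == k_server
    return Transcript(server_dh_pub, client_pub, xor_stream(k_server, plaintext))


def static_dh_session(lt_priv: int, lt_pub: int, plaintext: bytes) -> Transcript:
    """Non-PFS: the server's long-term key is the key-exchange key."""
    return handshake(lt_priv, lt_pub, plaintext)


def ephemeral_dh_session(_lt_priv: int, _lt_pub: int, plaintext: bytes) -> Transcript:
    """PFS: fresh exchange key, discarded after the session.  In real TLS the
    long-term key would sign eph_pub (omitted here); that signature is of no
    use to someone decrypting the recording later."""
    eph_priv, eph_pub = dh_keypair()
    return handshake(eph_priv, eph_pub, plaintext)


def decrypt_later(rec: Transcript, lt_priv: int) -> bytes:
    """Adversary holding the recording and the server's long-term private key
    (obtained afterwards) attempts offline recovery of the session."""
    return xor_stream(derive_key(rec.client_pub, lt_priv), rec.ciphertext)


def retrospective_decryption_works(session_fn, plaintext: bytes = b"constructed sample traffic") -> bool:
    lt_priv, lt_pub = dh_keypair()                  # server's long-term key
    rec = session_fn(lt_priv, lt_pub, plaintext)    # recorded today
    return decrypt_later(rec, lt_priv) == plaintext  # key leaks tomorrow


def active_mitm_ephemeral(plaintext: bytes = b"constructed sample traffic") -> bool:
    """With PFS the only route is to be in the path during the handshake,
    running two exchanges and re-encrypting every record, per flow, in real
    time (plus re-signing with the stolen CA/server key, not modelled)."""
    c_priv, c_pub = dh_keypair()          # client
    s_priv, s_pub = dh_keypair()          # server's ephemeral key
    mc_priv, mc_pub = dh_keypair()        # attacker's key facing the client
    ms_priv, ms_pub = dh_keypair()        # attacker's key facing the server
    k_client = derive_key(mc_pub, c_priv)           # client <-> attacker
    k_att_c = derive_key(c_pub, mc_priv)
    k_server = derive_key(ms_pub, s_priv)           # attacker <-> server
    k_att_s = derive_key(s_pub, ms_priv)
    ct = xor_stream(k_client, plaintext)            # client sends
    seen = xor_stream(k_att_c, ct)                  # attacker reads
    relayed = xor_stream(k_att_s, seen)             # attacker re-encrypts
    return seen == plaintext and xor_stream(k_server, relayed) == plaintext


if __name__ == "__main__":
    print("static DH, key leaks later   :", retrospective_decryption_works(static_dh_session))
    print("ephemeral DH, key leaks later:", retrospective_decryption_works(ephemeral_dh_session))
    print("ephemeral DH, live MITM      :", active_mitm_ephemeral())
```

Running it prints True, False, True: the static exchange falls to a stored recording plus one leaked key, the ephemeral exchange survives it, and breaking the ephemeral exchange requires a live, per-flow interposer, which is the power-and-cooling cost argument above.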
