Re: [Cryptography] Perfection versus Forward Secrecy

On Thu, Sep 12, 2013 at 11:08 PM, Eugen Leitl wrote: > I do not think that the spooks are too far away from open research in > QC hardware. It does not seem likely that we'll be getting real QC > any time soon, if ever. I don't think the spooks are ahead of the public either, and I really doub

Re: [Cryptography] Perfection versus Forward Secrecy

On Thu, Sep 12, 2013 at 09:33:34AM -0700, Tony Arcieri wrote: > What's really bothered me about the phrase "perfect forward secrecy" is > it's being applied to public key algorithms we know will be broken as soon > as a large quantum computer has been built (in e.g. a decade or two). I do not thi

Re: [Cryptography] Perfection versus Forward Secrecy

On 09/12/13 18:33, Tony Arcieri wrote: > On Wed, Sep 11, 2013 at 8:00 PM, John Gilmore > wrote: > > There doesn't seem to be much downside to just calling it "Forward > Secrecy" rather than "Perfect Forward Secrecy". We all seem to agree > that it isn't perfect,

Re: [Cryptography] Perfection versus Forward Secrecy

On Wed, Sep 11, 2013 at 8:00 PM, John Gilmore wrote: > There doesn't seem to be much downside to just calling it "Forward > Secrecy" rather than "Perfect Forward Secrecy". We all seem to agree > that it isn't perfect, and that it is a step forward in security, at a > moderate cost in latency and

Re: [Cryptography] Perfection versus Forward Secrecy

> > I wouldn't mind if it had been called Pretty Good Forward Secrecy instead, > > but it really is a lot better than regular public key. > > My point was that the name is misleading and causes people to look for more > than is there. There doesn't seem to be much downside to just calling it "For