[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Will the real PFS please stand up?



>I'd like to ask folks exactly what they mean by perfect forward secrecy?

Fair enough.

Perfect forward secrecy means a key management protocol and
implementation in which keys actually used to encrypt traffic (e.g.,
the keys in a ESP security association) are periodically changed such
that prior traffic keys cannot be recovered (and prior encrypted
traffic cannot be decrypted) even when the attacker has a complete
recording of all traffic and a complete readout of all *current*
machine state for both parties. "Current state" includes all
long-lived secret keys, but does *not* include any state that was
destroyed at the last traffic key change.

Phil


References: