
RE: DH vs. RSA use for symmetric key exchange

> I thought PFS has to do with not using material from (or related to) a
> previous key to generate each subsequent key.  Do we here use PFS to mean
> that the symmetric key should not only not be derived from a previous key
> but must not be encrypted with the same key as before?

As I pointed out in a thread a few months ago (see
http://www.vpnc.org/ietf-ipsec/mail-archive/msg01761.html), the meaning of
PFS has changed over the years.

The original PFS property (which ensures that stored traffic cannot be
decrypted if a private key is eventually compromised) is much more important
than the modern "QM PFS" property (which is a less secure optimization of
phase 1 rekeying).

Beauty without truth is insubstantial.
Truth without beauty is unbearable.
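
The original PFS property discussed in this message, as an added example that is not part of the original post: a recorded RSA key-transport exchange gives up its session key once the long-term private key leaks, while an exchange using throwaway DH exponents leaves that key nothing to decrypt. The RSA key, the DH prime and base, the `kdf` helper and all function names are constructed for illustration, and the parameters are far too small to be secure.

```python
# Added illustration with toy parameters; not production cryptography.
import hashlib
import secrets

# Constructed textbook-RSA long-term key (tiny, for illustration only).
N, E, D = 3233, 17, 2753            # n = 61 * 53
# Constructed DH group: prime 2**127 - 1 with base 3 (assumed values).
P, G = 2**127 - 1, 3


def kdf(secret: int) -> bytes:
    """Derive a symmetric key from an integer secret (hypothetical helper)."""
    return hashlib.sha256(str(secret).encode()).digest()


def rsa_key_transport():
    """Client encrypts a fresh secret under the server's long-term RSA key."""
    secret = secrets.randbelow(N - 2) + 2
    ciphertext = pow(secret, E, N)          # the only value on the wire
    return {"ciphertext": ciphertext}, kdf(secret)


def ephemeral_dh():
    """Both sides use throwaway DH exponents; RSA only signs the exchange."""
    a = secrets.randbelow(P - 3) + 2        # client ephemeral, gone on return
    b = secrets.randbelow(P - 3) + 2        # server ephemeral, gone on return
    A, B = pow(G, a, P), pow(G, b, P)
    digest = int.from_bytes(hashlib.sha256(f"{A}|{B}".encode()).digest(), "big") % N
    signature = pow(digest, D, N)           # long-term key authenticates only
    assert pow(B, a, P) == pow(A, b, P)     # both ends agree on g^(ab)
    return {"A": A, "B": B, "signature": signature}, kdf(pow(B, a, P))


def recover_with_leaked_key(transcript, d=D):
    """What a stored transcript yields once the long-term private key leaks."""
    if "ciphertext" in transcript:
        return kdf(pow(transcript["ciphertext"], d, N))
    # DH transcript: d was used only to sign public values, so there is
    # nothing for it to decrypt; the attacker is left with a discrete log.
    return None


if __name__ == "__main__":
    for name, run in (("RSA transport", rsa_key_transport),
                      ("ephemeral DH", ephemeral_dh)):
        transcript, session_key = run()
        leaked = recover_with_leaked_key(transcript)
        print(name, "-> session key recovered:", leaked == session_key)
```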