[Cryptography] People should turn on PFS in TLS (was Re: Fwd: NYTimes.com: N.S.A. Foils Much Internet Encryption)

Perry E. Metzger perry at piermont.com
Fri Sep 6 10:36:07 EDT 2013


> > One solution, preventing passive attacks, is for major browsers
> > and websites to switch to using PFS ciphersuites (i.e. those
> > based on ephemeral Diffie-Hellman key exchange).

It occurred to me yesterday that this seems like something all major
service providers should be doing. I'm sure that some voices will say
additional delay harms user experience. Such voices should be
ruthlessly ignored.

Perry
-- 
Perry E. Metzger		perry at piermont.com
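
An added example, not part of the original message: a name-based audit of an expanded cipher suite list that separates suites using ephemeral (EC)DHE key exchange, as the quoted text recommends, from those that do not. The function names and the sample list are constructed for illustration; classification relies on the IANA and OpenSSL suite naming conventions.

```python
import re

# Key-exchange tokens that mean an ephemeral Diffie-Hellman exchange.
# EDH is OpenSSL's older spelling of DHE.
EPHEMERAL = {"DHE", "ECDHE", "EDH"}
# Other key-exchange prefixes that appear in OpenSSL suite names.
OTHER_KX = {"ECDH", "DH", "ADH", "AECDH", "PSK", "SRP", "RSA"}
# TLS 1.3 suite names carry no key-exchange field. TLS 1.3 uses (EC)DHE except
# in PSK-only resumption, which a name-based check cannot see.
TLS13 = re.compile(r"^TLS_(AES|CHACHA20)_")


def key_exchange(suite):
    """Return the key-exchange token of an IANA or OpenSSL suite name."""
    name = suite.strip().upper()
    if TLS13.match(name):
        return "TLS1.3"
    if name.startswith("TLS_") and "_WITH_" in name:  # IANA: TLS_<kx>_<auth>_WITH_...
        return name[4:].split("_WITH_")[0].split("_")[0]
    first = name.split("-")[0]                        # OpenSSL: <kx>-<auth>-...
    # OpenSSL omits the key exchange when it is plain RSA (e.g. AES128-SHA).
    return first if first in EPHEMERAL | OTHER_KX else "RSA"


def is_forward_secret(suite):
    # Static DH/ECDH and anonymous DH (DH_anon, ADH) are not counted:
    # the former reuse a long-term key, the latter is unauthenticated.
    kx = key_exchange(suite)
    return kx == "TLS1.3" or kx in EPHEMERAL


def audit(cipher_list):
    """Split a ':' / ',' / whitespace separated suite list into PFS and non-PFS."""
    suites = [s for s in re.split(r"[:,\s]+", cipher_list) if s]
    return {"pfs": [s for s in suites if is_forward_secret(s)],
            "no_pfs": [s for s in suites if not is_forward_secret(s)]}


# Constructed sample: a mix of OpenSSL and IANA names, not taken from any server.
SAMPLE = ("ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-SHA:AES128-SHA:"
          "TLS_RSA_WITH_AES_256_CBC_SHA:TLS_AES_128_GCM_SHA256:"
          "ECDH-RSA-AES128-SHA:TLS_DH_anon_WITH_AES_128_CBC_SHA")

if __name__ == "__main__":
    result = audit(SAMPLE)
    for label in ("pfs", "no_pfs"):
        print(label, *result[label], sep="\n  ")
```

The input is a list of expanded suite names, such as the output of `openssl ciphers`, not an OpenSSL cipher string with keywords like `HIGH` or `!aNULL`.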

