[Cryptography] People should turn on PFS in TLS (was Re: Fwd: NYTimes.com: N.S.A. Foils Much Internet Encryption)

Perry E. Metzger perry at piermont.com
Fri Sep 6 10:36:07 EDT 2013

> > One solution, preventing passive attacks, is for major browsers
> > and websites to switch to using PFS ciphersuites (i.e. those
> > based on ephemeral Diffie-Hellmann key exchange).

It occurred to me yesterday that this seems like something all major
service providers should be doing. I'm sure that some voices will say
additional delay harms user experience. Such voices should be
ruthlessly ignored.

Perry E. Metzger		perry at piermont.com

More information about the cryptography mailing list