[Cryptography] forward secrecy

William Allen Simpson william.allen.simpson at gmail.com
Mon Feb 23 03:01:09 EST 2015


On 2/22/15 10:02 AM, Jerry Leichter wrote:
> On Feb 22, 2015, at 12:21 AM, Christian Huitema <huitema at huitema.net> wrote:
>> No forward secrecy? What year is this, 1994? Or 1984 maybe?
> None of the above.  Forward secrecy was first proposed in 1992, but it didn't really get much interest until 2000 or so - and it would likely have been too compute-intensive for even desk-top class machines (much less phones) until years later.  SIM cards, on the other hand, go back much further than you might expect:  The first one dates back to 1991!  Even the "modern" mini-SIM dates to 1996.  These are dates of introduction; given that these are international standards, design must go back at least a year earlier, probably more.

Hogwash.  We specified forward secrecy as a requirement in the
original IPv6 IPSec of 1993 at IETF Amsterdam.  That was only
later weakened due to the NSA mole(s) in the IETF.

Photuris was designed with forward secrecy, with cell phones in
mind -- Karn was employed by Qualcomm -- on 186 cores.

The specifications and first implementation were written and
ran just fine on my x86 laptop running KA9Q NOS circa 1994-95.

By 1996, there were multiple open source implementations.

Commercially, it also ran on RADGuard in the same time frame.
And others that escape my memory....




