[7003] in cryptography@c2.net mail archive
Re: Perfect Forward Security def wanted
daemon@ATHENA.MIT.EDU (Jerome Etienne)
Thu May 4 11:31:36 2000
Date: Thu, 4 May 2000 10:00:59 -0400
From: Jerome Etienne <jetienne@arobas.net>
To: "Arnold G. Reinhold" <reinhold@world.std.com>
Cc: cryptography@c2.net
Message-ID: <20000504100059.A709@long-haul.net>
Reply-To: jetienne@arobas.net
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
In-Reply-To: <v04210104b5372df3d1e4@[24.218.56.92]>; from reinhold@world.std.com on Thu, May 04, 2000 at 09:40:14AM -0400
On Thu, May 04, 2000 at 09:40:14AM -0400, Arnold G. Reinhold wrote:
> Can anyone point me to a good definition of "Perfect Forward Security"?
In rfc2408 section 1.6.1 about ike, you can find one for perfect forward
secrecy. Up to you to decide how relevant and good it is.
" Perfect Forward Secrecy: As described in [DOW92], an authenticated
key exchange protocol provides perfect forward secrecy if disclosure
of longterm secret keying material does not compromise the secrecy of
the exchanged keys from previous communications. The property of
perfect forward secrecy does not apply to key exchange without
authentication."
[DOW92] Diffie, W., M.Wiener, P. Van Oorschot, Authentication and
Authenticated Key Exchanges, Designs, Codes, and
Cryptography, 2, 107-125, Kluwer Academic Publishers,
1992.
