[7016] in cryptography@c2.net mail archive
Re: Perfect Forward Security def wanted
daemon@ATHENA.MIT.EDU (John Kelsey)
Fri May 5 15:46:02 2000
Message-Id: <4.1.20000504185552.00922f00@email.plnet.net>
Date: Thu, 04 May 2000 18:58:08 -0500
To: William Allen Simpson <wsimpson@greendragon.com>, cryptography@c2.net
From: John Kelsey <kelsey.j@ix.netcom.com>
In-Reply-To: <3911BE33.1984FCAE@greendragon.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
At 02:16 PM 5/4/00 -0400, William Allen Simpson wrote:
>In response to Perry's editorial comment:
...
>Once the private RSA key is _destroyed_ PFS is attained.
Right. The thing is, usually you think in terms of generating a new key
for every communication session and then discarding the key at the end of
the session. This is a lot cheaper for Diffie-Hellman keys than for RSA
keys, but you can certainly do it in principle.
>Note that it is the inability to recover secret information that
>provides "perfect" forward secrecy, moving from "hard" to "impossible".
>WSimpson@UMich.edu
> Key fingerprint = 17 40 5E 67 15 6F 31 26 DD 0D B9 9B 6A 15 2C 32
--John Kelsey, kelsey@counterpane.com
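The distinction drawn above (a long-term RSA key used for key transport, versus a per-session key that is generated, used once and destroyed, whether Diffie-Hellman or, at more cost, RSA) can be made concrete with a small simulation. This is an added example, not code from the message or from either author. It uses toy-sized textbook RSA and finite-field Diffie-Hellman with primes found at runtime, no padding and no authentication, so it is illustrative only; all function names are hypothetical. It records the transcript of one session in each of the three styles, then hands an attacker the server's long-term private key and asks which recorded session keys that key recovers.

```python
"""Forward secrecy, simulated three ways.

Added example for this thread, not code from the original message. Toy-sized
textbook RSA and finite-field Diffie-Hellman with primes found at runtime
(no padding, no authentication): illustrative only, never for real traffic.
All names below are hypothetical.
"""
import hashlib
import secrets


def is_probable_prime(n, rounds=16):
    """Miller-Rabin with random bases; adequate for a demo."""
    if n < 2:
        return False
    for sp in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % sp == 0:
            return n == sp
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def random_prime(bits):
    while True:
        n = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(n):
            return n


def rsa_keygen(bits=48):
    """Textbook RSA: returns ((n, e), (n, d))."""
    e = 65537
    while True:
        p, q = random_prime(bits), random_prime(bits)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:          # e is prime, so this is gcd(e, phi) == 1
            return (p * q, e), (p * q, pow(e, -1, phi))


def dh_group(bits=40):
    """Safe prime p = 2q + 1 and generator 4 (a quadratic residue, so order q)."""
    while True:
        q = random_prime(bits)
        if is_probable_prime(2 * q + 1):
            return 2 * q + 1, 4


def kdf(secret):
    """Session key derived from the agreed secret."""
    return hashlib.sha256(secret.to_bytes(32, "big")).hexdigest()


def session_rsa_static(server_pub):
    """No PFS: the session key is encrypted to the server's long-term RSA key."""
    n, e = server_pub
    k = secrets.randbelow(n - 2) + 2
    return kdf(k), {"mode": "rsa-static", "c": pow(k, e, n)}


def session_rsa_ephemeral():
    """Kelsey's case: a fresh RSA key per session, destroyed afterwards."""
    (n, e), (_, d) = rsa_keygen()
    k = secrets.randbelow(n - 2) + 2
    c = pow(k, e, n)
    assert pow(c, d, n) == k         # the server recovers k during the session...
    del d                            # ...and then discards the one-time private key
    return kdf(k), {"mode": "rsa-ephemeral", "n": n, "e": e, "c": c}


def session_dh(group):
    """Ephemeral Diffie-Hellman: the exponents live only for the session."""
    p, g = group
    a, b = secrets.randbelow(p - 2) + 1, secrets.randbelow(p - 2) + 1
    A, B = pow(g, a, p), pow(g, b, p)
    assert pow(B, a, p) == pow(A, b, p)
    return kdf(pow(B, a, p)), {"mode": "dh", "p": p, "g": g, "A": A, "B": B}


def attacker_with_long_term_key(transcript, server_priv):
    """Attacker recorded the transcript earlier, then later stole the long-term key."""
    n, d = server_priv
    if "c" not in transcript:        # DH transcript: nothing was encrypted to that key
        return None
    return kdf(pow(transcript["c"], d, n))


def compromise_report():
    """Which past sessions does a later long-term-key compromise expose?"""
    server_pub, server_priv = rsa_keygen()
    group = dh_group()
    sessions = [session_rsa_static(server_pub), session_rsa_ephemeral(), session_dh(group)]
    return {t["mode"]: attacker_with_long_term_key(t, server_priv) == sk for sk, t in sessions}


if __name__ == "__main__":
    print(compromise_report())   # {'rsa-static': True, 'rsa-ephemeral': False, 'dh': False}
```

Only the statically-keyed session falls: the stolen key decrypts the recorded ciphertext directly. In the other two the recorded transcript contains nothing encrypted to the long-term key, so the attacker is left with the session's one-time secret, which no longer exists anywhere (the DH exponents, or the ephemeral RSA private key). Two caveats the simulation glosses over: "destroyed" has to mean actually erased from memory, swap and core dumps, which is the whole of Simpson's point, and the compromised long-term key still lets the attacker impersonate the server in future sessions; forward secrecy protects the past, not the future.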