Hacker News new | past | comments | ask | show | jobs | submit login

I am not a cypherpunk, but can/should we differentiate between 1. encouraging those running OpenSSL/TLS servers to use a. sane defaults that allow forward secrecy and b. ephemeral TLS session ticket keys, 2. using Google's in-house EC cipher implementations and 3. doing 1. and 2.?

We could do 1. only and still reap some benefit, correct?




There are environments where ephemeral DH keys violate policy (those sessions can't be passively monitored; some sessions must be), which could militate against PFS suites becoming the default.

DHE is good, but I'm not sure forward secrecy is as pressing a security issue as simple adoption of TLS is. I admire Google's continued efforts to set the standard for its secure deployment, though.


Look at it from Google's point of view though:

Now they won't have "lawfully intercepted" packet captures showing up in their mailbox with demands that they decrypt them using their private key.


Correct!




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: