[Wikimedia-l] Disinformation regarding perfect forward secrecy for HTTPS

James Salsman jsalsman at gmail.com
Thu Aug 1 20:33:14 UTC 2013


With the NSA revelations over the past months, there has been some very
questionable information starting to circulate suggesting that trying to
implement perfect forward secrecy for https web traffic isn't worth the
effort. I am not sure of the provenance of these reports, and I would like
to see a much more thorough debate on their accuracy or lack thereof. Here
is an example:

http://tonyarcieri.com/imperfect-forward-secrecy-the-coming-cryptocalypse

As my IETF RFC coauthor Harald Alvestrand told me: "The stuff about 'have
to transmit the session key in the clear' is completely bogus, of course.
That's what Diffie-Hellman is all about."

Ryan Lane tweeted yesterday: "It's possible to determine what you've been
viewing even with PFS. And no, padding won't help." And he wrote on today's
Foundation blog post, "Enabling perfect forward secrecy is only useful if
we also eliminate the threat of traffic analysis of HTTPS, which can be
used to detect a user’s browsing activity, even when using HTTP," citing
http://blog.ioactive.com/2012/02/ssl-traffic-analysis-on-google-maps.html

It is not at all clear to me that the discussion pertains to PFS or Wikimedia
traffic in any way.

I strongly suggest that the Foundation contract with well-known independent
reputable cryptography experts to resolve these questions. Tracking and
correcting misinformed advice, perhaps in cooperation with the EFF, is just
as important.
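The point in Harald Alvestrand's quote, that a Diffie-Hellman handshake never puts the session key on the wire and that erasing the ephemeral exponents is what makes the session forward secret, as an added example that is not part of the original post or of any Wikimedia code. The group is generated at toy size, the certificate signature is replaced by an HMAC stand-in, and the Party/handshake/run_demo names are all assumptions of this example, not anything from the post.

```python
"""Ephemeral Diffie-Hellman with a long-term authentication key: a toy model
of a forward-secret TLS handshake.  Added illustration, not code from the
mailing-list post or from Wikimedia; the group is generated at toy size and
the "signature" is an HMAC stand-in, both assumptions of this example."""
import hashlib
import hmac
import secrets

PRIME_BITS = 64  # toy size so the demo runs instantly; real groups are >= 2048 bits


def is_probable_prime(n: int, rounds: int = 16) -> bool:
    """Miller-Rabin primality test (probabilistic, error < 4**-rounds)."""
    if n < 2:
        return False
    for small in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % small == 0:
            return n == small
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def generate_safe_prime(bits: int) -> int:
    """Return p = 2q + 1 with both p and q prime, so that g = 4 (a quadratic
    residue) generates a subgroup of prime order q with no small subgroups."""
    while True:
        q = secrets.randbits(bits - 1) | (1 << (bits - 2)) | 1
        p = 2 * q + 1
        if is_probable_prime(q) and is_probable_prime(p):
            return p


def to_bytes(n: int, p: int) -> bytes:
    """Fixed-width big-endian encoding of a group element."""
    return n.to_bytes((p.bit_length() + 7) // 8, "big")


class Party:
    """One endpoint.  Its only durable secret is a long-term authentication
    key; the ephemeral exponent lives only for the length of one handshake."""

    def __init__(self, auth_key: bytes):
        self.auth_key = auth_key
        self.ephemeral = None

    def offer(self, p: int, g: int) -> tuple[int, bytes]:
        self.ephemeral = secrets.randbelow(p - 3) + 2   # private exponent x, never sent
        pub = pow(g, self.ephemeral, p)                 # g^x mod p is what goes on the wire
        # HMAC stand-in for a certificate signature over the ephemeral share.
        tag = hmac.new(self.auth_key, to_bytes(pub, p), "sha256").digest()
        return pub, tag

    def finish(self, p: int, peer_pub: int, transcript: bytes) -> bytes:
        if not 1 < peer_pub < p - 1:
            raise ValueError("rejecting out-of-range peer share")
        shared = pow(peer_pub, self.ephemeral, p)       # g^(xy) mod p, computed locally, never sent
        self.ephemeral = None                           # erase the exponent: this is the forward secrecy
        return hashlib.sha256(to_bytes(shared, p) + transcript).digest()


def handshake(p: int, g: int, client: Party, server: Party) -> tuple[bytes, bytes, bytes]:
    """Run one handshake; returns (wire transcript, client key, server key).
    Only public shares and the server's tag cross the wire."""
    c_pub, _ = client.offer(p, g)          # web clients are usually unauthenticated
    s_pub, s_tag = server.offer(p, g)
    wire = to_bytes(c_pub, p) + to_bytes(s_pub, p) + s_tag
    # With the HMAC stand-in the verification key equals the signing key; a
    # real client would verify a signature with the certificate's public key.
    expected = hmac.new(server.auth_key, to_bytes(s_pub, p), "sha256").digest()
    if not hmac.compare_digest(s_tag, expected):
        raise ValueError("server share failed authentication")
    return wire, client.finish(p, s_pub, wire), server.finish(p, c_pub, wire)


def run_demo() -> dict:
    """Two handshakes under one long-term key.  A later compromise of that key
    yields only what a passive recorder already has: the public shares and
    tags.  The exponents that would unlock the session keys are gone."""
    p = generate_safe_prime(PRIME_BITS)
    g = 4
    client = Party(secrets.token_bytes(32))   # constructed keys for the demo
    server = Party(secrets.token_bytes(32))
    wire1, ck1, sk1 = handshake(p, g, client, server)
    wire2, ck2, sk2 = handshake(p, g, client, server)
    return {
        "p": p, "wire": wire1, "client_key": ck1, "server_key": sk1,
        "second_key": ck2, "second_matches": ck2 == sk2,
        "exponent_after_handshake": server.ephemeral,   # None: nothing left to seize
    }


if __name__ == "__main__":
    result = run_demo()
    print("keys agree:", result["client_key"] == result["server_key"])
    print("session key visible on the wire:", result["client_key"] in result["wire"])
    print("server exponent retained:", result["exponent_after_handshake"])
```

The key derivation mixes the whole transcript into the session key, so a recorder that later obtains the server's long-term key can re-verify the tags it saw but still lacks either ephemeral exponent; with the toy 64-bit group a discrete logarithm is of course feasible, which is why real deployments use standardized groups of at least 2048 bits.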

