On Mon, 31 Mar 2014, Nikos Mavrogiannopoulos wrote:
I don't understand what do you mean using SSH and TLS for 10 or more years, but we have an expectation of secrecy of data for 10 or more years. When you do a TLS or SSH session you don't expect that your transferred data will be leaked within a few months or a year later.
Let me repeat one of my footnotes: (***) If long-term secrecy is desired for data transmitted using a transport protocol (TLS, SSH), one should rely on perfect forward secrecy provided by the use of ephemeral (EC)DH keys rather than on a server private key staying confidential for a long time (not broken and not leaked or stolen). Unfortunately, the support of ephemeral DH in many programs is, ahem, questionable... -- Pavel Kankovsky aka Peak / Jeremiah 9:21 \ "For death is come up into our MS Windows(tm)..." \ 21st century edition / -- security mailing list security@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/security
