Wednesday, November 30, 2011

"Forward Secrecy" will enhance https


Parker Higgins at Electronic Frontier Foundation has an important discussion of a new security enhancement to “https” or encrypted sign-on, and that’s called “Forward Secrecy”.  The link is here. Apparently, Google is introducing it with its accounts (to augment remote 2-step verification).    With Forward Secrecy, some information needed to decrypt messages in the future is “ephemeral” and is never stored.  It’s a kind of “reverse pay-if-forward”. 

No comments: