Changes between Version 3 and Version 4 of how-to/servers/nginx_https_pfs


Timestamp:
Apr 14, 2014, 3:22:09 PM (10 years ago)
Author:
IMC linksunten
Comment:

--

  • how-to/servers/nginx_https_pfs

    v3 v4  
    33== Introduction ==
    44
    5 [https://en.wikipedia.org/wiki/Forward_secrecy Perfect Forward Secrecy] (PFS) is a countermeasure against surveillance programs as [https://en.wikipedia.org/wiki/PRISM_%28surveillance_program%29 PRISM] by the NSA or [https://en.wikipedia.org/wiki/Telecommunications_data_retention Vorratsdatenspeicherung] in Europe. These programs intercept and store TLS-encrypted traffic which became known as [http://www.spiegel.de/international/world/snowden-reveals-how-gchq-in-britain-soaks-up-mass-internet-data-a-909852.html "full take"] in the [http://america.aljazeera.com/articles/multimedia/timeline-edward-snowden-revelations.html summer of Snowden] in 2013. This data can be decrypted at some point of time in the future after the TLS master key has been obtained (e.g. by a bug like [http://heartbleed.com/ heartbleed]). That is, unless perfect forward secrecy is used to negotiate session keys between server and client. PFS is based on [http://en.wikipedia.org/wiki/Diffie%E2%80%93Hellman_key_exchange Diffie-Hellman key exchange] that never sends the session key which can therefore not be intercepted. The only advantage of stealing the TLS master key when PFS is employed would therefore be a stealthy [https://en.wikipedia.org/wiki/Man-in-the-middle_attack man-in-the-middle attack].
     5[https://en.wikipedia.org/wiki/Forward_secrecy Perfect Forward Secrecy] (PFS) is a countermeasure against surveillance programs as [https://en.wikipedia.org/wiki/PRISM_%28surveillance_program%29 PRISM] by the NSA or [https://en.wikipedia.org/wiki/Telecommunications_data_retention Vorratsdatenspeicherung] in Europe. These programs intercept and store [http://en.wikipedia.org/wiki/Transport_Layer_Security TLS]-encrypted traffic which became known as [http://www.spiegel.de/international/world/snowden-reveals-how-gchq-in-britain-soaks-up-mass-internet-data-a-909852.html "full take"] in the [http://america.aljazeera.com/articles/multimedia/timeline-edward-snowden-revelations.html summer of Snowden] in 2013. This data can be decrypted at some point of time in the future after the TLS master key has been obtained (e.g. by a bug like [http://heartbleed.com/ heartbleed]). That is, unless perfect forward secrecy is used to negotiate session keys between server and client. PFS is based on [http://en.wikipedia.org/wiki/Diffie%E2%80%93Hellman_key_exchange Diffie-Hellman key exchange] that never sends the session key which can therefore not be intercepted. The only advantage of stealing the TLS master key when PFS is employed would therefore be a stealthy [https://en.wikipedia.org/wiki/Man-in-the-middle_attack man-in-the-middle attack].
    66
    77== PFS needs re-keying ==
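Review bot: in the new Introduction line (v4 line 5) "TLS master key" is the wrong term in both places it appears; what Heartbleed can leak, and what lets a recorded RSA-key-exchange session be decrypted later, is the server's long-term private key, while in TLS the "master secret" is the per-session value derived during the handshake. The sentence "PFS is based on Diffie-Hellman key exchange that never sends the session key" also needs two corrections: with RSA key exchange the session key is not sent either, the premaster secret is sent encrypted to the server's public key, so it is the long-term key that unlocks every recorded session; and only ephemeral Diffie-Hellman (DHE/ECDHE), where the long-term key merely signs fresh, discarded exchange values, gives forward secrecy, static DH does not. Suggested wording: "This data can be decrypted later once the server's private key has been obtained (e.g. via a bug like heartbleed), unless ephemeral Diffie-Hellman (DHE/ECDHE) was used to derive the session keys, in which case the private key only signs the handshake and cannot recover past sessions; stealing it then only enables a stealthy man-in-the-middle attack on future connections." The v3 to v4 change itself (linking "TLS") is fine.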