Subject: perfect forward secrecy?

perfect forward secrecy?

From: Daniel Stenberg <daniel_at_haxx.se>
Date: Sun, 21 Aug 2016 01:07:15 +0200 (CEST)

Hey,

There's a best practice left that I haven't marked as 'Met' because I'm not
entirely sure (mostly because my memory is weak on the specifics). So I wanted
to bounce this you you peeps on the list. This the critiera:

Under Security / Good cryptographic practices:

  "The project SHOULD implement perfect forward secrecy for key agreement
protocols so a session key derived from a set of long-term keys cannot be
compromised if one of the long-term keys is compromised in the future"

We can mark this is as a 'Met', can't we?

-- 
  / daniel.haxx.se
_______________________________________________
libssh2-devel http://cool.haxx.se/cgi-bin/mailman/listinfo/libssh2-devel
Received on 2016-08-21