Key Exchange Without Forward Secrecy is NOT RECOMMENDED
draft-mattsson-tls-psk-ke-dont-dont-dont-01
| Section | Field | Value |
|---|---|---|
| Document | Type | Expired Internet-Draft (individual) |
| | Author | John Preuß Mattsson |
| | Last updated | 2021-11-19 (Latest revision 2021-05-18) |
| | Stream | (None) |
| | Formats | Expired & archived |
| Stream | Stream state | (No stream defined) |
| | Consensus boilerplate | Unknown |
| | RFC Editor Note | (None) |
| IESG | IESG state | Expired |
| | Telechat date | (None) |
| | Responsible AD | (None) |
| | Send notices to | (None) |
This Internet-Draft is no longer active.
Abstract
Key exchange without forward secrecy enables passive monitoring. Massive pervasive monitoring attacks relying on key exchange without forward secrecy have been reported, and many more have likely happened without ever being reported. If key exchange without Diffie-Hellman is used, access to the long-term authentication keys enables a passive attacker to compromise past and future sessions. Entities can get access to long-term key material in different ways: physical attacks, hacking, social engineering attacks, espionage, or by simply demanding access to keying material with or without a court order. psk_ke does not provide forward secrecy and is NOT RECOMMENDED. This document sets the IANA registration of psk_ke to NOT RECOMMENDED.
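An added example (not part of the draft): a Python check that parses a TLS 1.3 ClientHello body and reports whether the client offers psk_ke in its psk_key_exchange_modes extension, using the code points from RFC 8446 (extension type 45, psk_ke = 0, psk_dhe_ke = 1). The function names and the sample ClientHello are constructed for illustration.

```python
import struct

PSK_KEY_EXCHANGE_MODES = 45          # extension type, RFC 8446 section 4.2.9
MODE_NAMES = {0: "psk_ke", 1: "psk_dhe_ke"}

def offered_psk_modes(client_hello: bytes) -> list[str]:
    """Return the PSK key exchange modes offered in a ClientHello body
    (the handshake message without its 4-byte handshake header)."""
    pos = 2 + 32                                  # legacy_version + random
    pos += 1 + client_hello[pos]                  # legacy_session_id
    (n,) = struct.unpack_from("!H", client_hello, pos)
    pos += 2 + n                                  # cipher_suites
    pos += 1 + client_hello[pos]                  # legacy_compression_methods
    (ext_total,) = struct.unpack_from("!H", client_hello, pos)
    pos += 2
    end = pos + ext_total
    if end > len(client_hello):
        raise ValueError("truncated extensions block")
    while pos + 4 <= end:
        ext_type, ext_len = struct.unpack_from("!HH", client_hello, pos)
        body = client_hello[pos + 4 : pos + 4 + ext_len]
        pos += 4 + ext_len
        if ext_type == PSK_KEY_EXCHANGE_MODES:
            # Body is a 1-byte length followed by that many mode bytes.
            if len(body) < 1 or body[0] != len(body) - 1:
                raise ValueError("malformed psk_key_exchange_modes")
            return [MODE_NAMES.get(m, f"unknown({m})") for m in body[1:]]
    return []                                     # extension absent: no PSK resumption offered

def lacks_forward_secrecy(client_hello: bytes) -> bool:
    """True when the client offers psk_ke, the mode without (EC)DHE."""
    return "psk_ke" in offered_psk_modes(client_hello)

def build_sample(modes: bytes) -> bytes:
    """Constructed ClientHello body for the demo; not captured traffic."""
    ext = struct.pack("!HHB", PSK_KEY_EXCHANGE_MODES, 1 + len(modes), len(modes)) + modes
    return (b"\x03\x03" + bytes(32) + b"\x00"      # version, random, empty session id
            + b"\x00\x02\x13\x01" + b"\x01\x00"    # TLS_AES_128_GCM_SHA256, null compression
            + struct.pack("!H", len(ext)) + ext)

if __name__ == "__main__":
    for modes in (b"\x01", b"\x00\x01"):
        hello = build_sample(modes)
        print(offered_psk_modes(hello), "flag" if lacks_forward_secrecy(hello) else "ok")
```

A client that lists only psk_dhe_ke passes; any ClientHello that lists psk_ke is flagged, since the server may then select the mode without Diffie-Hellman.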