On 08/04/14 15:28, bad apple wrote:
>
> You're missing the point - by far the biggest issue with this bug is
> "OMG the attacker has compromised my cert"... with PFS you don't care,
> it was only valid for that session anyway and then it's tossed out. As
> compared to a non-PFS SSL/TLS server, when you've scored their cert with
> this attack they are well and truly done for.

PFS also means that if a key is compromised, historic traffic is not readable.

Been doing work such that our web servers updated recently use PFS with common up to date browser configurations. So this is less of a pain than it could have been.

That said, revealing 64KB chunks of memory from your webserver, or your XMPP server, not what you want.

--
The Mailing List for the Devon & Cornwall LUG
http://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/listfaq