Perfect Forward Secrecy: Not So Perfect, Not So Forward

Peter Fairbrother zenadsl6186 at
Thu Dec 13 19:04:35 GMT 2012

On 12/12/12 17:03, Alan Braggins wrote:
> On 11/12/12 20:59, Peter Fairbrother wrote:
>> It's been a while since I checked, but I think Google do offer a DHE
>> suite - but the client must ask for one, they are not used as default.
> The default is now DHE.
> "We are now pushing forward by enabling forward secrecy by default."
> "Firstly, the preferred cipher suite for most Google HTTPS servers is
> ECDHE-RSA-RC4-SHA. If you have a client that supports it, you'll be
> using that ciphersuite."

Sounds good, shame it doesn't work with IE .. so Google should only be 
able to retrospectively decrypt SSL sessions about 1/3 of the time.

Suppose plod are looking at minimally-competent badguy. He has a Gmail 
account which he uses for crooked purposes, but being minimally 
competent he doesn't use his real name.

He accesses his crooky Gmail account from home (and afaict he may also 
access another Gamil account in the same SSL session), we'll assume he 
uses a DHE-supported browser, and his ISP keeps some kind of record of 
his internet use - if Plod demand account use details from Google, how 
do Google know his account name? From the IP? Do Gmail keep records of 
IPs? For how long?

-- peter F

More information about the ukcrypto mailing list