Perfect Forward Secrecy: Not So Perfect, Not So Forward
Peter Fairbrother
zenadsl6186 at zen.co.uk
Thu Dec 13 19:04:35 GMT 2012
On 12/12/12 17:03, Alan Braggins wrote:
> On 11/12/12 20:59, Peter Fairbrother wrote:
>> It's been a while since I checked, but I think Google do offer a DHE
>> suite - but the client must ask for one, they are not used as default.
>
> The default is now DHE.
>
> http://googleonlinesecurity.blogspot.co.uk/2011/11/protecting-data-for-long-term-with.html
>
> "We are now pushing forward by enabling forward secrecy by default."
>
> http://www.imperialviolet.org/2011/11/22/forwardsecret.html
> "Firstly, the preferred cipher suite for most Google HTTPS servers is
> ECDHE-RSA-RC4-SHA. If you have a client that supports it, you'll be
> using that ciphersuite."

Sounds good, shame it doesn't work with IE .. so Google should only be
able to retrospectively decrypt SSL sessions about 1/3 of the time.

Suppose plod are looking at minimally-competent badguy. He has a Gmail
account which he uses for crooked purposes, but being minimally
competent he doesn't use his real name.

He accesses his crooky Gmail account from home (and afaict he may also
access another Gmail account in the same SSL session), we'll assume he
uses a DHE-supported browser, and his ISP keeps some kind of record of
his internet use - if Plod demand account use details from Google, how
do Google know his account name? From the IP? Do Gmail keep records of
IPs? For how long?

-- peter F