IETF Logo Mail Archive

Re: [saag] Perfect Forward Secrecy vs Forward Secrecy

"Mark D. Baushke" <mdb@juniper.net> Wed, 18 March 2020 16:27 UTC

Return-Path: <mdb@juniper.net>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2B20B3A1858 for <saag@ietfa.amsl.com>; Wed, 18 Mar 2020 09:27:18 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.1
X-Spam-Level:
X-Spam-Status: No, score=-2.1 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=juniper.net header.b=YNIXAcMg; dkim=pass (1024-bit key) header.d=juniper.net header.b=QwrgHlip
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4q-5tEVJWWLf for <saag@ietfa.amsl.com>; Wed, 18 Mar 2020 09:27:15 -0700 (PDT)
Received: from mx0b-00273201.pphosted.com (mx0b-00273201.pphosted.com [67.231.152.164]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 25EB23A184F for <saag@ietf.org>; Wed, 18 Mar 2020 09:27:14 -0700 (PDT)
Received: from pps.filterd (m0108162.ppops.net [127.0.0.1]) by mx0b-00273201.pphosted.com (8.16.0.42/8.16.0.42) with SMTP id 02IGNMaj026998; Wed, 18 Mar 2020 09:27:08 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=juniper.net; h=to : cc : subject : in-reply-to : references : from : mime-version : content-type : content-id : date : message-id; s=PPS1017; bh=DawDlzuMMUOq1NUJ9cPdPDN4IOiox1+IJfhH7VnZAzs=; b=YNIXAcMgl7ECiZkytEpmkF3aEG4Pj12/aKsbyAjmEEtRZG4bhAQ2vkhDZWCrAjYd13Hv Vax2HfFZ4oAEjW71zVF53B1XgGrsKZxYiNwugKKVdU8btBwcGmGOWNS9oO1D7ECyI99f d1LNc2ad37Fo9onlRy8gN5IRuaJB2wYr8yJomg47dvcr1ZA5XVRGa03USTuwr3vCNLlj KRqraDSjZcmUALwcSoVEHSxH4kyH73qfE9NnqfYIDoa8UyAQVKE2Nrwa6ugc73zVEOlE fq97m1Jif5a4QUGWmn53dRuF9e3iY9WdhrXvmUQV6Cg1HUI8xBk2RTNxP87K6TlUFoQP TQ==
Received: from nam11-bn8-obe.outbound.protection.outlook.com (mail-bn8nam11lp2171.outbound.protection.outlook.com [104.47.58.171]) by mx0b-00273201.pphosted.com with ESMTP id 2yu9as9cjw-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 18 Mar 2020 09:27:08 -0700
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; =?utf-8?q?b=3DX1/OxXB9Xw+k1ieigsZwwIP+x2RRmjT3BGPahbvYTIpjmkSLkvvOUq4FeGXKF?= =?utf-8?q?La7WzfaZYJKBcymYgx7c5mahRIzMhTJdmvZ7IsPgllMId2+wTPIsC6YdqHnBy9vyQ?= =?utf-8?q?ftbTxZRHN1Ii0PxMixlF4pPcVJVZxR49WLkiMQeNgnBOCtsoyrK9d+7w1sUrcQx/O?= =?utf-8?q?3TNE9KxERVpzrDGOgsqqGwwXH0Af6qFeQeF7dOcTkZ+VZAtavnBxpl5fuHP9V/4GB?= =?utf-8?q?eCxwg/rgaRJ39DusrwrBTkoyoxc3nJz4TsQTaNPlw3zBa1PlsHQAT/3eBfHwJeSTX?= =?utf-8?q?BN3LOxRrdnm+nuPET8WkQ=3D=3D?=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; =?utf-8?q?h=3DFrom=3ADate=3ASubject=3AMessage-ID=3ACont?= =?utf-8?q?ent-Type=3AMIME-Version=3AX-MS-Exchange-SenderADCheck=3B?= =?utf-8?q?bh=3DDawDlzuMMUOq1NUJ9cPdPDN4IOiox1+IJfhH7VnZAzs=3D=3B_b=3DUH8Uso?= =?utf-8?q?y1OAXRjrDxDS2l6Sim9/g2CAgNld04E2/vlbeFup2T/xBUGDuDRy99eSiBEoiyTNS?= =?utf-8?q?q1Tj4cZk6gidd6Cb7k779GRfmJHpa64uU9qzlquBI7R6BXyH5ccnZhOBttHPrDdrn?= =?utf-8?q?A/At3gmqpIwxXzeuDBBNOmztSsBJKc3ela+3o0pxMjCZKUYRTL+YJf9kInqZD3P2N?= =?utf-8?q?d/RZqF+Vpru1nRNfjPDYHqRX2KYwONBlsQa1eCrN72wnLVVczyNToI/CCA2YGLN59?= =?utf-8?q?Ht0C6ZrzsuVjR5h6rwIjdEZ50ASGeEv6RsmX+yZIXMKr7KbVBVs4KJCs62lTVSVhW?= =?utf-8?q?lHVw2Sj1enw=3D=3D?=
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=softfail (sender ip is 66.129.242.12) smtp.rcpttodomain=htt-consult.com smtp.mailfrom=juniper.net; dmarc=fail (p=reject sp=reject pct=100) action=oreject header.from=juniper.net; dkim=none (message not signed); arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=juniper.net; s=selector1; =?utf-8?q?h=3DFrom=3ADate=3ASubject=3AMessage-ID=3AContent-Typ?= =?utf-8?q?e=3AMIME-Version=3AX-MS-Exchange-SenderADCheck=3B?= =?utf-8?q?bh=3DDawDlzuMMUOq1NUJ9cPdPDN4IOiox1+IJfhH7VnZAzs=3D=3B_b=3DQwrgHl?= =?utf-8?q?ipVe6TpsFyPo6gdXxtABFKxtmdnzZs8UtvavgGpAxEBRX06L1m5OQZZYEuxYWyIAG?= =?utf-8?q?TOVnmnLOftkATKe/gsqAjZXygV8WgXlXXLk7DP172dOta77rF7bI91zse9iy58rY8?= =?utf-8?q?X/JKEFM4hPjO2mhKKP/E7XJaJHQPw8NvJCk=3D?=
Received: from MWHPR08CA0060.namprd08.prod.outlook.com (2603:10b6:300:c0::34) by DM5PR05MB3177.namprd05.prod.outlook.com (2603:10b6:3:c8::22) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2835.12; Wed, 18 Mar 2020 16:27:06 +0000
Received: from CO1NAM05FT026.eop-nam05.prod.protection.outlook.com (2603:10b6:300:c0:cafe::a0) by MWHPR08CA0060.outlook.office365.com (2603:10b6:300:c0::34) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2814.22 via Frontend Transport; Wed, 18 Mar 2020 16:27:05 +0000
Received-SPF: SoftFail (protection.outlook.com: domain of transitioning juniper.net discourages use of 66.129.242.12 as permitted sender)
Received: from P-EXFEND-EQX-01.jnpr.net (66.129.242.12) by CO1NAM05FT026.mail.protection.outlook.com (10.152.96.135) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.20.2814.6 via Frontend Transport; Wed, 18 Mar 2020 16:27:04 +0000
Received: from P-EXBEND-EQX-03.jnpr.net (10.104.8.56) by P-EXFEND-EQX-01.jnpr.net (10.104.8.54) with Microsoft SMTP Server (TLS) id 15.0.1497.2; Wed, 18 Mar 2020 09:26:37 -0700
Received: from P-EXBEND-EQX-01.jnpr.net (10.104.8.52) by P-EXBEND-EQX-03.jnpr.net (10.104.8.56) with Microsoft SMTP Server (TLS) id 15.0.1497.2; Wed, 18 Mar 2020 09:26:37 -0700
Received: from p-mailhub01.juniper.net (10.104.20.6) by P-EXBEND-EQX-01.jnpr.net (10.104.8.52) with Microsoft SMTP Server (TLS) id 15.0.1497.2 via Frontend Transport; Wed, 18 Mar 2020 09:26:37 -0700
Received: from eng-mail01.juniper.net (eng-mail01.juniper.net [10.160.0.88]) by p-mailhub01.juniper.net (8.14.4/8.11.3) with ESMTP id 02IGQYON022041; Wed, 18 Mar 2020 09:26:35 -0700 (envelope-from mdb@juniper.net)
To: <saag@ietf.org>, Christopher Wood <caw@heapingbits.net>
In-Reply-To: <6b73afd0-6eda-4533-a499-166934702f6e@www.fastmail.com>
References: <7231a98e-e4a2-55c9-3a51-d62886d7d061@htt-consult.com> <F318A864-CC99-47F7-BEFF-608F93AEB451@akamai.com> <6b73afd0-6eda-4533-a499-166934702f6e@www.fastmail.com>
Comments: In-reply-to: "Christopher Wood" <caw@heapingbits.net> message dated "Wed, 18 Mar 2020 07:59:13 -0700."
From: "Mark D. Baushke" <mdb@juniper.net>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-ID: <3516.1584548794.1@eng-mail01.juniper.net>
Date: Wed, 18 Mar 2020 09:26:34 -0700
Message-ID: <3517.1584548794@eng-mail01.juniper.net>
X-EXCLAIMER-MD-CONFIG: e3cb0ff2-54e7-4646-8a04-0dae4ac7b136
X-EOPAttributedMessage: 0
X-MS-Office365-Filtering-HT: Tenant
X-Forefront-Antispam-Report: CIP:66.129.242.12; IPV:CAL; SCL:-1; CTRY:US; EFV:NLI; SFV:NSPM; =?utf-8?b?U0ZTOigxMDAxOTAyMCkoNDYzNjAwOSkoMzc2MDAyKSgz?= =?utf-8?b?NDYwMDIpKDM5ODYwNDAwMDAyKSgzOTYwMDMpKDEzNjAwMykoMTk5MDA0KSg0?= =?utf-8?q?6966005=29=2826826003=29=2870586007=29=285660300002=29=2870206006?= =?utf-8?b?KSg0MzI2MDA4KSg3Njk2MDA1KSgzNTYwMDQpKDI5MDYwMDIpKDQ3ODYwMDAwMSko?= =?utf-8?b?MzE2MDAyKSg4NjM2MjAwMSkoNDcwNzYwMDQpKDE4NjAwMykoOTY2MDA1KSgy?= =?utf-8?b?NjAwNSkoODkzNjAwMikoODExNTYwMTQpKDg2NzYwMDIpKDQyNjAwMykoMzM2?= =?utf-8?q?012=29=28110136005=29=2881166006=29=3B?= DIR:OUT; SFP:1102; SCL:1; SRVR:DM5PR05MB3177; H:P-EXFEND-EQX-01.jnpr.net; FPR:; SPF:SoftFail; LANG:en; PTR:InfoDomainNonexistent; A:1;
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-Correlation-Id: 996290c7-751e-4101-fb36-08d7cb59320e
X-MS-TrafficTypeDiagnostic: DM5PR05MB3177:
X-Microsoft-Antispam-PRVS: =?utf-8?q?=3CDM5PR05MB317771B1224B8844E2273255BFF?= =?utf-8?q?70=40DM5PR05MB3177=2Enamprd05=2Eprod=2Eoutlook=2Ecom=3E?=
X-MS-Oob-TLC-OOBClassifiers: OLM:6108;
X-Forefront-PRVS: 03468CBA43
X-MS-Exchange-SenderADCheck: 1
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: =?utf-8?q?kGDMjrxaa9UF+Hh31rMCYqer8psVtZA?= =?utf-8?q?QdFhVkXlnf01nbkDv23WohSX1SVFphiS/f7tPbUdzlOntqZCKcWHrxLYhhDwGUP4r?= =?utf-8?q?XmO6ZNdNERfxCbDHhhP7UpRxT0YnLpnbXtUQjkxC9tUxZowo9JkNZwPs2YShRzhjQ?= =?utf-8?q?p0ZD96tXNUM92ljgLArc8bN6WZncJs4QnBAl/1zh50t1v+C2IXuR3obsQ/bbjv/KQ?= =?utf-8?q?9KO9WZq+1heG7MbA/SR/SF+yglKqH+oI6icPPtWR7Y1rw6spLzcbB5wDYq29931Lp?= =?utf-8?q?fe+WDM9tRp8/XAymSvFTuXLe7mA5+d3jQ/Uz8bUtZ5pnKJ/EqbT/eW2fOBx/JsMBm?= =?utf-8?q?KB9JqFpFAKU8MM3Ud9HLNemPyBp9hGt/obU9+TfLrEcRjEhCayjrWwzCejIHv+dUD?= =?utf-8?q?cTH/d70EhV6+sgHGy1UxVhfBnP/0nJyp0JU6l4Gj7bOR6QARlv5enRiDl1bH9UKV9?= =?utf-8?q?auJgwcjZNlsw83AvOHXjmNeIkcCaYMzClvKsitwm5qSOyMhcE2KUxC2hA4UzLhgTv?= =?utf-8?q?BWZwMyTMZU089kN+CnwxdelChC27E3V8weXO6H1zJSjMgLA=3D=3D?=
X-OriginatorOrg: juniper.net
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 18 Mar 2020 16:27:04.7535 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: 996290c7-751e-4101-fb36-08d7cb59320e
X-MS-Exchange-CrossTenant-Id: bea78b3c-4cdb-4130-854a-1d193232e5f4
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=bea78b3c-4cdb-4130-854a-1d193232e5f4; Ip=[66.129.242.12]; Helo=[P-EXFEND-EQX-01.jnpr.net]
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM5PR05MB3177
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.138, 18.0.645 definitions=2020-03-18_07:2020-03-18, 2020-03-18 signatures=0
X-Proofpoint-Spam-Details: rule=outbound_spam_notspam policy=outbound_spam score=0 priorityscore=1501 lowpriorityscore=0 clxscore=1011 adultscore=0 mlxscore=0 impostorscore=0 bulkscore=0 suspectscore=0 malwarescore=0 phishscore=0 mlxlogscore=589 spamscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2003020000 definitions=main-2003180075
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/qW-qFy3_r80xs-3tWROS_i-yy1c>
Subject: Re: [saag] Perfect Forward Secrecy vs Forward Secrecy
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 18 Mar 2020 16:27:27 -0000

Christopher Wood <caw@heapingbits.net> writes:

> On Wed, Mar 18, 2020, at 7:48 AM, Salz, Rich wrote:
> > I agree perfect forward secrecy is the term of art and we shouldn't 
> > create a new one. 
> 
> FWIW, +1.

Wikipedia has an entry

  https://en.wikipedia.org/wiki/Forward_secrecy

which begins with a quote from

  Menzies, Alfred; van Oorscot, Paul C.; Vanstone, SCOTT (1997).
  Handbook of Applied Cryptography. CRC Pres. ISBN 978-0-8493-8523-0.

      In cryptography, forward secrecy (FS), also known as perfect
      forward secrecy (PFS), is a feature of specific key agreement
      protocols that gives assurances that session keys will not be
      compromised even if the private key of the server is compromised.

There is also https://www.perfectforwardsecrecy.com/ which has a paragraph

      Forward Secrecy has been used as a synonym for Perfect Forward
      Secrecy but there is a subtle difference between the two. Perfect
      Forward Secrecy has the additional property that an agreed key
      will not be compromised even if agreed keys derived from the same
      long-term keying material in a subsequent run are compromised.

along with more justification of differences.

So, I still think that PFS is a term of art and we should not stop using
it.

	-- Mark

v2.8.7 | Report a Bug | By Email