Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Me neither. Thing is, using PFS modes (like, DHE or ECDHE), even a server key compromise won't let you decrypt passive intercepts.

Google started using these for their TLS setup about a year ago, and it's smart. They blogged about it, hoping others would follow suit.

I wonder if perhaps that change, and blog post, were their way of saying without saying.



Consider applying for YC's Fall 2026 batch! Applications are open till July 27.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: