Michael Horowitz wrote a great article at Computer World entitled Perfect Forward Secrecy can block the NSA from secure web pages, but no one uses it
.
The tl;dr – encrypted HTTPS communications can be saved by Big Brother, and if the private key is broken at some time in the future, the saved communications can then be decrypted and read.
To avoid this fate, the HTTP server needs to use ephemeral keys (keys that are unique to each encrypted session). Almost nobody does this. I double-checked PA Server Monitor’s (and PA File Sight’s) internal HTTPS server, and sure enough, we use ephemeral keys 🙂 We have the best software engineers (thanks Steve!).
If you’d like to verify this using the technique mentioned in the article (using the Chrome browser for example), head over to our demo server and take a look.
Image: © Rob Pongsajapan
