At 07:24 AM 7/25/2013, Bryce Lynch wrote:
> Yet note, Dec, a provider simply logging the session keys is still possible.

On the server side, or in their production networks?
A web server (or SSL box in front of a web server) could theoretically log session keys, even with "Perfect" Forward Secrecy. After all, both ends of the Diffie-Hellman exchange do get the actual shared session key (which is the point of the exchange :-), and it would be possible to save it in addition to using it. From a security perspective, it'd be a really bad idea to do so, and AFAICT there's no useful business purpose for doing so, and you're not going to be able to pay Peter Gutmann enough to modify OpenSSL to do that, but one of the fun things about security of open source software is that some miscreant could easily do it themselves, using the modules that are already available, and position it as a "feature" that lets you support efficient load-balancing across multiple web servers in a single session, with an "auditing" or "debugging" feature to let you be sure the load-balancing is implemented successfully in your cloud. (And oops, the UI feature that turns off debugging didn't get implemented in this sprint.)
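An added illustration of the point made above (not code from this thread, from OpenSSL, or from any real TLS stack): a toy ephemeral Diffie-Hellman session in Python in which both ends derive the same key, and a later "forensic" read of the captured traffic succeeds only if the server kept a session-key log. The group, the stream cipher and the sample request are constructed stand-ins chosen for brevity.

```python
# Added example, not from the thread: a toy ephemeral Diffie-Hellman session
# showing that both endpoints hold the same session key, so forward secrecy
# only holds if neither side retains it (e.g. via a "debug" key log).
import hashlib
import secrets

P = 2**127 - 1  # Mersenne prime; constructed toy group, far too small for real use
G = 5

PLAINTEXT = b"GET /account HTTP/1.1"  # constructed sample request


def keystream_xor(key, data):
    """Toy stream cipher: SHA-256 counter keystream XORed with the data."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(4, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)


class Endpoint:
    """One side of the exchange; 'retain' models a server that logs session keys."""

    def __init__(self, retain=False):
        self.retain = retain
        self.key_log = []                              # what a "debug feature" keeps
        self._priv = secrets.randbelow(P - 2) + 1      # ephemeral private value
        self.public = pow(G, self._priv, P)

    def derive(self, peer_public):
        shared = pow(peer_public, self._priv, P)
        key = hashlib.sha256(shared.to_bytes(16, "big")).digest()
        del self._priv          # discarding this is what gives forward secrecy
        if self.retain:         # ...and logging the key silently undoes it
            self.key_log.append(key)
        return key


def run_session(server_retains_keys):
    """Return the on-wire transcript plus whatever the server kept afterwards."""
    client, server = Endpoint(), Endpoint(retain=server_retains_keys)
    k_client = client.derive(server.public)
    k_server = server.derive(client.public)
    assert k_client == k_server  # both ends really do hold the same key
    wire = {"client_pub": client.public, "server_pub": server.public,
            "ciphertext": keystream_xor(k_client, PLAINTEXT)}
    return {"wire": wire, "server_key_log": server.key_log}


def later_decrypt(session):
    """After the fact, only a retained session key lets the transcript be read."""
    if session["server_key_log"]:
        return keystream_xor(session["server_key_log"][0], session["wire"]["ciphertext"])
    return None  # ephemeral privates are gone; the public values alone don't help
```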