Perfect Forward Secrecy

If, like me, you’re unsettled by the recent government(s) snooping, you are probably looking for ways to secure your on-line activities. One obvious way is to use SSL/TLS whenever possible. If you use Firefox or Chrome, HTTPS Everywhere can help.

Sadly, even if you believe in the security of SSL/TLS, there is, for most sites, a single point of failure. When the client and server negotiate to agree on an encryption key, the negotiation is encrypted by the site’s static key. That means that if that key is later broken or exposed, anyone who, like the NSA, has saved HTTPS sessions can retroactively decrypt them all.

What’s needed is perfect forward secrecy (PFS). That means that if one session is decrypted, the others are still safe. For SSL/TLS, perfect forward secrecy requires you to change the key used to encrypt the session negotiation for each session. All of this is beautifully explained by Michael Horowitz over at Computer World. Because he goes into reasonable detail, the article is a bit long but well worth reading. I urge you to take the time to give it a look.

Netcraft also has an excellent article on PFS that covers much of the same material and gives more information on the support that various browsers provide for it. It explains why some browsers, such as Safari, which support PFS nevertheless fail to apply it for some sites. Definitely worth reading.

As users, of course, there is little we can do except encourage the sites we use to implement it. Currently Google and a few smaller sites do this but most do not. That’s probably because you get a performance hit when you implement perfect forward secrecy. One happy note for the paranoid among us is that DuckDuckGo is now using PFS with all the major browsers.

Those of us who are technologists are in a position to make things better. Whenever we can, we should push to use SSL/TLS with PFS on our Web sites. That may mean making a case to management or beefing up the server if needed. Not easy, of course, but well worth it if it helps secure the Web and keep the Nosy Parkers at bay.
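For anyone checking their own site, here is a small audit helper, added as an example and not part of the original post. It decides from the negotiated cipher suite name whether the session key was agreed with a per-session (ephemeral) Diffie-Hellman exchange or under the site's static key; the function names and the `SAMPLES` list are hypothetical and constructed for illustration.

```python
import re
import socket
import ssl

# Key exchanges that generate a fresh Diffie-Hellman key for every session.
# Matches OpenSSL names (ECDHE-RSA-..., DHE-RSA-..., legacy EDH-...) and
# IANA names (TLS_ECDHE_RSA_WITH_..., TLS_DHE_RSA_WITH_...).
_EPHEMERAL = re.compile(r"^(TLS_)?(ECDHE|DHE|EDH)[-_]")

def is_forward_secret(cipher_name, protocol=""):
    """Return True if the negotiated suite uses an ephemeral key exchange."""
    name = cipher_name.upper()
    # TLS 1.3 dropped static RSA and static DH key exchange; full handshakes
    # use ephemeral (EC)DHE and suite names no longer mention the key exchange.
    if protocol == "TLSv1.3" or (name.startswith("TLS_") and "_WITH_" not in name):
        return True
    # Static RSA (e.g. AES128-SHA) and static DH/ECDH (DH-, ECDH-) fall through.
    return bool(_EPHEMERAL.match(name))

# Constructed sample of (suite name, protocol) pairs, not captured from any site.
SAMPLES = [
    ("ECDHE-RSA-AES128-GCM-SHA256", "TLSv1.2"),
    ("DHE-RSA-AES256-SHA", "TLSv1.2"),
    ("AES128-SHA", "TLSv1.2"),                    # RSA key exchange
    ("ECDH-RSA-AES128-SHA", "TLSv1.2"),           # static ECDH, not ECDHE
    ("TLS_RSA_WITH_AES_128_CBC_SHA", "TLSv1.2"),  # IANA spelling of static RSA
    ("TLS_AES_128_GCM_SHA256", "TLSv1.3"),
]

def audit(samples):
    """Map each suite name to True (PFS) or False (static key exchange)."""
    return {name: is_forward_secret(name, proto) for name, proto in samples}

def probe(host, port=443, timeout=5):
    """Handshake with a server you operate and classify what was negotiated."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            name, proto, _bits = tls.cipher()
    return name, proto, is_forward_secret(name, proto)

if __name__ == "__main__":
    for name, ok in audit(SAMPLES).items():
        print(f"{name:32} {'PFS' if ok else 'no PFS'}")
```

`probe()` reports only the suite that this particular client and the server settled on; a different client offering a different suite list can end up without PFS on the same server.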
