Comments on: Google implements "forward secrecy" in its encrypted traffic, releases improvements to SSL library for all to use http://boingboing.net/2011/11/30/google-implements-forward-se.html Brain candy for Happy Mutants Fri, 24 May 2013 23:51:00 +0000 hourly 1 http://wordpress.org/?v=3.4.1 By: Pepijn http://boingboing.net/2011/11/30/google-implements-forward-se.html#comment-1284614 Pepijn Thu, 01 Dec 2011 16:46:00 +0000 http://boingboing.net/?p=132212#comment-1284614 That's nice. Meanwhile, they <i>still</i> do not support HTTPS for AdSense, forcing everyone using Google ads to leave their pages insecurely available via HTTP. That’s nice. Meanwhile, they still do not support HTTPS for AdSense, forcing everyone using Google ads to leave their pages insecurely available via HTTP.

]]> By: shadowfirebird http://boingboing.net/2011/11/30/google-implements-forward-se.html#comment-1283875 shadowfirebird Wed, 30 Nov 2011 21:42:00 +0000 http://boingboing.net/?p=132212#comment-1283875 Forgive me, but aren't Google still storing the originating IP for each search query?   So: yes, this is good, but it doesn't mean make them anywhere near perfect... Forgive me, but aren’t Google still storing the originating IP for each search query?  

So: yes, this is good, but it doesn’t mean make them anywhere near perfect…

]]> By: scroffy http://boingboing.net/2011/11/30/google-implements-forward-se.html#comment-1283604 scroffy Wed, 30 Nov 2011 18:52:00 +0000 http://boingboing.net/?p=132212#comment-1283604 I sad that everyone misses the key point here. Google is in the business of saving data for future use, including sales to governments. US government competes on save traffic by sniffing the traffic, something they are loath to admit (AT&T tapping in San Francisco springs to mind?). Since Google will retain the plaintext for traffic that they are party to (eg Gmail), this new scheme means that they will be the monopoly on that traffic data when it is desired by government later on. The NSA won't have a copy. Google will able to sell it. And because government wants the data, but doesn't want to disclose the extent of the privacy invasions, they are less likely to damage Google's business model because they need the relationship. I sad that everyone misses the key point here. Google is in the business of saving data for future use, including sales to governments. US government competes on save traffic by sniffing the traffic, something they are loath to admit (AT&T tapping in San Francisco springs to mind?). Since Google will retain the plaintext for traffic that they are party to (eg Gmail), this new scheme means that they will be the monopoly on that traffic data when it is desired by government later on. The NSA won’t have a copy. Google will able to sell it. And because government wants the data, but doesn’t want to disclose the extent of the privacy invasions, they are less likely to damage Google’s business model because they need the relationship.

]]> By: Brian Carp http://boingboing.net/2011/11/30/google-implements-forward-se.html#comment-1283550 Brian Carp Wed, 30 Nov 2011 18:17:00 +0000 http://boingboing.net/?p=132212#comment-1283550 So if the advantage of "forward secrecy" is that stored encrypted messages can never be decrypted later, this raises a question: why would a server ever bother to store an encrypted message that it can't decrypt? If you don't waste resources storing indecipherable information, it's not only more efficient but also more secure against future singularity-era technologies that could break the encryption.  It's not at all clear to me why a server would bother with the storage in the first place. So if the advantage of “forward secrecy” is that stored encrypted messages can never be decrypted later, this raises a question: why would a server ever bother to store an encrypted message that it can’t decrypt?

If you don’t waste resources storing indecipherable information, it’s not only more efficient but also more secure against future singularity-era technologies that could break the encryption.  It’s not at all clear to me why a server would bother with the storage in the first place.

]]> By: Thad Boyd http://boingboing.net/2011/11/30/google-implements-forward-se.html#comment-1283528 Thad Boyd Wed, 30 Nov 2011 18:01:00 +0000 http://boingboing.net/?p=132212#comment-1283528 Seems to me that if someone breaks into Google, the goal is to get actual search data and not merely a private key to decrypt previously-snooped packets.  But still, this is a good step forward. Seems to me that if someone breaks into Google, the goal is to get actual search data and not merely a private key to decrypt previously-snooped packets.  But still, this is a good step forward.

]]> By: Mordicai http://boingboing.net/2011/11/30/google-implements-forward-se.html#comment-1283522 Mordicai Wed, 30 Nov 2011 17:57:00 +0000 http://boingboing.net/?p=132212#comment-1283522 You know what would REALLY impress me?  Some kind of ability to share articles on Google Reader.  What an incredible leap forward that would be!  #SourGrapes You know what would REALLY impress me?  Some kind of ability to share articles on Google Reader.  What an incredible leap forward that would be!  #SourGrapes

]]>