Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

No. PFS is about when messages are in transit. Sure thing, it makes sense to encrypt them with ephemeral keys rather than a long-living ones.

However, that particular point I've quoted was - as I understood it - about message archives. Short-lived keys are just fundamentally incompatible with long-term storage. We either keep data, or we don't.

PFS helps for about another point raised, "if a key is broken or leaked..." (but has a trade-off, as it requires some sort of key exchange)



> However, that particular point I've quoted was - as I understood it - about message archives.

In a sense you're right, but the archive in question is the one your adversary accrued while they were intercepting your in-flight emails, which you encrypted with your static key. Any archive you have control over is sort of beside the point.




Consider applying for YC's Fall 2026 batch! Applications are open till July 27.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: