@matthew_d_green Re Google and PFS, don't forget about TLS session tickets. Someone with access to those site-wide keys can subvert PFS.
-
-
Replying to @moxie
@moxie@matthew_d_green Yeah but they can be disabled server-side. Does PFS require TLS sessions tickets to be turned on?2 replies 0 retweets 0 likes
@moxie @matthew_d_green blackhat presentation on TLS session ticket security. https://media.blackhat.com/us-13/US-13-Daigniere-TLS-Secrets-WP.pdf … slides: https://media.blackhat.com/us-13/US-13-Daigniere-TLS-Secrets-Slides.pdf …
4:32 PM - 9 Sep 2013
0 replies
0 retweets
1 like
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.