Hacker News new | past | comments | ask | show | jobs | submit login

I think it uses perfect forward secrecy, unlike almost any other SSL connection: http://blogs.computerworld.com/encryption/22366/can-nsa-see-...

Prefect forward secrecy is a lot more secure since if google's private key were compromised any traffic -- including traffic captured in the past -- would still be secure (baring some further compromise).

Each connection has 2 possibly transient negotiated public/private key pairs made just for that connection. In theory, google could store all these pairs as well and they could be compromised, but that adds up to a lot more ifs.

As near as I can tell, the extra computation required to do perfect forward secrecy is a large part of why its not more frequently implemented.




Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: