Do you use Perfect Forward Secrecy (PFS)?
By Jeroen van Meeuwen on September 16, 2017

TL;DR: Yes.

Perfect Forward Secrecy (PFS) is a property of the cryptographic algorithms used to protect data exchanged between endpoints. It indicates that there are no retroactive means to decrypt the encrypted data.

In cryptography, forward secrecy (FS), also known as perfect forward secrecy (PFS), is a property of secure communication protocols in which compromise of long-term keys does not compromise past session keys. Forward secrecy protects past sessions against future compromises of secret keys or passwords. If forward secrecy is used, encrypted communications and sessions recorded in the past cannot be retrieved and decrypted should long-term secret keys or passwords be compromised in the future, even if the adversary actively interfered.

Perfect Forward Secrecy by Wikipedia, retrieved September 16th, 2017

In other words, if you were able to capture what goes over the wire and later sought to read the actual data, not even access to the public certificate and private key of the service would allow you to render the captured stream of data legible.

As such, only with Perfect Forward Secrecy (PFS) in place can a service such as Kolab Now protect its customers (you) from intercepted traffic being made legible retroactively, because not even forcing Kolab Now to disclose its public certificate and private key will allow the receiving party to make anything legible.

Long story short, Kolab Now not only supports PFS, it applies PFS throughout its internal network as well, as encryption is never terminated. Points of entry that the public has no access to still employ encryption for the connection, and PFS in doing so.

Please take the time to verify our test results at sites such as Qualys SSL Labs.
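A local check of the same property, as an added example that is not Kolab Now's own tooling: it classifies the cipher suite a handshake negotiated and can also offer only static-RSA key exchange to see whether a server refuses it. The host names, function names and sample rows are assumptions made for illustration.

```python
import socket
import ssl

FS_PREFIXES = ("ECDHE-", "DHE-")  # OpenSSL names for ephemeral (EC)DH key exchange

def is_forward_secret(cipher_name, protocol):
    """Classify a suite as reported by ssl.SSLSocket.cipher()."""
    if protocol == "TLSv1.3":
        # A full TLS 1.3 handshake with certificate authentication always
        # uses ephemeral (EC)DHE; static RSA key transport was removed.
        return True
    return cipher_name.startswith(FS_PREFIXES)

def negotiate(host, port=443, static_rsa_only=False, timeout=5.0):
    """Handshake with host; return (cipher, protocol), or None on failure."""
    ctx = ssl.create_default_context()
    if static_rsa_only:
        # Offer only RSA key transport (no forward secrecy) over TLS 1.2.
        ctx.maximum_version = ssl.TLSVersion.TLSv1_2
        ctx.set_ciphers("kRSA")
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                name, protocol, _bits = tls.cipher()
                return name, protocol
    except OSError:  # covers ssl.SSLError, refused connections and timeouts
        return None

def audit(observations):
    """Return the (host, cipher, protocol) rows that lack forward secrecy."""
    return [row for row in observations if not is_forward_secret(row[1], row[2])]

# Constructed sample observations, not measurements of any real service.
SAMPLE = [
    ("mail.example.org", "ECDHE-RSA-AES256-GCM-SHA384", "TLSv1.2"),
    ("imap.example.org", "TLS_AES_256_GCM_SHA384", "TLSv1.3"),
    ("legacy.example.org", "AES256-GCM-SHA384", "TLSv1.2"),  # static RSA
    ("old.example.org", "DHE-RSA-AES128-SHA", "TLSv1.2"),
]

if __name__ == "__main__":
    for host, cipher, protocol in audit(SAMPLE):
        print(f"{host}: {cipher} ({protocol}) has no forward secrecy")
```

Against a reachable server, `negotiate(host, static_rsa_only=True)` returning `None` while the default call succeeds means the server refused the handshake that lacked forward secrecy.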
