The more common term is "forward secrecy" - indeed, the normal definition [1] refers specifically to the secrecy of session keys or ephemeral key material after being deleted. Other elements of security such as authentication and integrity are irrelevant so "secrecy" seems to be the more appropriate term. There are other notions in cryptography that use the term "forward secure", see http://www.cs.bu.edu/~itkis/pap/forward-secure-survey.pdf.
[1] "the compromise of long-term keys does not compromise past session keys" Hugo On Mon, Nov 30, 2015 at 4:27 PM, Dave Garrett <davemgarr...@gmail.com> wrote: > Which do we like better: "Forward Security" or "Forward Secrecy"? The TLS > 1.3 draft uses both interchangeably. The term is clearly in a state of > flux, seeing as we've seemingly collectively agreed to drop the word > "perfect" from the term, already. Personally, I prefer "security" because > "secrecy" is a less used word, and to "forward secure" something is > grammatically OK but to "forward secret" something is not. (e.g. the doc > says 0RTT data is not "forward secure" but "forward secret" isn't really > the right phrase here) Everything could be rephrased to use either, but I'd > like to change all our use to just "forward secure" and stick a note > somewhere on the terminology. > > > Dave > > _______________________________________________ > TLS mailing list > TLS@ietf.org > https://www.ietf.org/mailman/listinfo/tls >
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
