I rarely reblog another’s posts, but this is big news, the main reason being RSA is/was the default cipher for exchanging TLS/SSL session keys.
An HTTPS connection actually uses symmetric encryption, but obviously the symmetric (session) key must be exchanged during the TLS/SSL handshake, and that’s the job of the asymmetric cipher.
Obviously this means the security of HTTPS often rests almost entirely on RSA – if that’s broken, the attacker has the session key and the connection is compromised.
THE INTERNET ENGINEERING TASK FORCE (IETF) has dropped RSA code from TLS 1.3, the next version of SSL.
An email from the IETF had the subject line, “Confirming Consensus on removing RSA key Transport from TLS 1.3” and contained a short note.
The note said that discussions within the IETF working group found that Transport Layer Security (TLS) system have included RSA code for some time. It explained that over the years confidence in RSA has been shaken, adding that the consensus decision is to remove RSA code.
“TLS has had cipher suites based on RSA key transport (aka “static RSA”, TLS_RSA_WITH_*) since the days of SSL 2.0. These cipher suites have several drawbacks including lack of PFS, pre-master secret contributed only by the client, and the general weakening of RSA over time,” said the note.
“It would make the security analysis simpler to remove this option…
View original post 230 more words