Security

Forward secrecy

Past sessions stay secret even if the long-term key leaks.

In plain terms

Achieved with ephemeral key exchange (ECDHE). Mandatory in TLS 1.3 — RSA key transport is gone for this reason.

Origin

Whitfield Diffie, Paul van Oorschot, and Michael Wiener formalised perfect forward secrecy in 1992. TLS 1.3 made it mandatory in 2018 by removing RSA key transport entirely.

Where it shows up in production

TLS 1.3 ECDHE is the only key-exchange option. Static RSA — which broke forward secrecy — is gone.
Signal Protocol Double Ratchet rotates keys every message; capturing one session reveals nothing about adjacent ones.
WireGuard Curve25519 ephemeral key exchange every two minutes by default.

On Semicolony

Guide https

Sources & further reading

Blog Cloudflare — Why use forward secrecy?
RFC RFC 8446 §1.3 — TLS 1.3 forward secrecy

Found this useful?