The so-called "forward secrecy" feature basically protects an HTTPS-secured session from being retroactively decrypted, according to Adam Langley, a member of the Google security team. So if a bad guy were to attempt to decrypt HTTPS sessions he had recorded, he would be unable to do so, Langley says.
"Most major sites supporting HTTPS operate in a non-forward secret fashion, which runs the risk of retrospective decryption," Langley said in a blog post announcing the new security feature today. "In other words, an encrypted, unreadable email could be recorded while being delivered to your computer today. In ten years time, when computers are much faster, an adversary could break the server private key and retrospectively decrypt today’s email traffic."
Forward secrecy is different than nonforward secrecy, where the private keys for an SSL connection are stored for the long term. With forward secrecy, no one can go back and decrypt a recorded HTTPS session, not even the SSL server administrator, Langley says.
Secure Sockets Layer (SSL) has been under siege lately with one certificate authority after another getting hacked, its inherent vulnerability to man-in-the-middle attacks, as well as the high volume of SSL-based websites that are improperly configured.
Ivan Ristic, director of engineering at Qualys and an SSL expert, says Google's addition of forward secrecy "is communication channel encryption done right."
It also prevents governments from decrypting recorded traffic. "Without it, they might try to get Google's private keys. So Google is removing a potentially big liability for them with this move. Perhaps that was their main motivation," he says.
Google is also placing the forward secrecy technology in the public domain in hopes that it will become part and parcel of HTTPS implementations. "We have also released the work that we did on the open source OpenSSL library that made this possible," Langley says.
Users can confirm whether forward-secrecy is running in their Chrome browsers by clicking the green padlock to the left of an HTTPS URL: The key exchange mechanism is ECDHE_RSA if the new feature is active in the browser app.
Have a comment on this story? Please click "Add Your Comment" below. If you'd like to contact Dark Reading's editors directly, send us a message.