by KAMSPioneer
394 days ago
No, my GP is correct: if the server's RSA private key is compromised it does not allow decryption of any previously-recorded sessions. You would need to compromise the _ephemeral session key_ which is difficult because it is discarded by both parties when the session is closed. Compromising the RSA key backing the certificate allows _future_ impersonations of the server, which is a different attack altogether.
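The distinction drawn in the comment above, as an added example that is not part of the original comment: a toy Python model of what a recorded session contains when the RSA key only signs an ephemeral Diffie-Hellman share. It goes beyond the comment by also modelling static RSA key transport, which has no forward secrecy, for contrast. All parameters are constructed and far too small for real use, and every function name is hypothetical.

```python
import hashlib
import secrets

# Toy parameters, constructed for illustration and far too small for real use.
P, G = 2**127 - 1, 3                      # DH modulus (a Mersenne prime) and base
RSA_P, RSA_Q, RSA_E = 2**61 - 1, 2**89 - 1, 65537
RSA_N = RSA_P * RSA_Q
RSA_D = pow(RSA_E, -1, (RSA_P - 1) * (RSA_Q - 1))   # long-term "certificate" key

def toy_cipher(key: bytes, data: bytes) -> bytes:
    """XOR with a SHA-256 keystream; encrypts and decrypts (illustration only)."""
    blocks = range(len(data) // 32 + 1)
    stream = b"".join(hashlib.sha256(key + bytes([i])).digest() for i in blocks)
    return bytes(a ^ b for a, b in zip(data, stream))

def digest_mod_n(value: int) -> int:
    """Hash a DH share down to an integer the toy RSA key can sign."""
    raw = hashlib.sha256(value.to_bytes(16, "big")).digest()
    return int.from_bytes(raw, "big") % RSA_N

def record_rsa_transport(msg: bytes) -> dict:
    """Static RSA: the session secret travels encrypted under the long-term key."""
    premaster = secrets.randbelow(RSA_N - 2) + 2
    return {"enc_premaster": pow(premaster, RSA_E, RSA_N),
            "ciphertext": toy_cipher(premaster.to_bytes(32, "big"), msg)}

def record_dhe(msg: bytes) -> dict:
    """Ephemeral DH: the RSA key only signs the server's share B."""
    a, b = secrets.randbelow(P - 2) + 1, secrets.randbelow(P - 2) + 1
    A, B = pow(G, a, P), pow(G, b, P)
    key = pow(A, b, P).to_bytes(16, "big")
    # a, b and key are locals: they are discarded when the session ends.
    return {"A": A, "B": B, "sig": pow(digest_mod_n(B), RSA_D, RSA_N),
            "ciphertext": toy_cipher(key, msg)}

def recover_with_rsa_key(recording: dict, rsa_d: int):
    """What the long-term private key alone yields from a recorded session."""
    if "enc_premaster" in recording:
        premaster = pow(recording["enc_premaster"], rsa_d, RSA_N)
        return toy_cipher(premaster.to_bytes(32, "big"), recording["ciphertext"])
    # DHE: the key's only trace is the signature, which anyone can verify.
    if pow(recording["sig"], RSA_E, RSA_N) != digest_mod_n(recording["B"]):
        raise ValueError("bad signature on server share")
    return None  # nothing in the recording is encrypted under the RSA key

if __name__ == "__main__":
    msg = b"constructed sample request"
    print(recover_with_rsa_key(record_rsa_transport(msg), RSA_D))
    print(recover_with_rsa_key(record_dhe(msg), RSA_D))
```

In the DHE recording the session key depends on the discarded exponents `a` and `b`, so the leaked signing key is useful only for signing new shares in future handshakes.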