
I would say the key exchange part, because PFS is used only during the key exchange of server and client.

Am I right or have I overlooked something?

schroeder
ItSec
  • Did you mean to tag this with RSA and not DH? – schroeder Nov 08 '19 at 12:39
  • I was not sure about it – ItSec Nov 08 '19 at 12:44
  • The point is erasing all key material that enables decrypting the conversation. This can't happen only at the handshake—the handshake, after all, serves to establish the key that the peers can use to decrypt the conversation they're about to have; in addition to erasing any secrets that figured into the handshake, they also have to erase that key when the conversation is over. You might find an answer over at crypto.SE helpful. – Squeamish Ossifrage Nov 08 '19 at 17:50
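
The two erasure points named in the last comment, sketched as an added example that is not part of the original thread. The 127-bit group, the SHA-256 keystream cipher and the `Peer` class are constructed stand-ins, not TLS code.

```python
import hashlib
import secrets

# Toy parameters (constructed): a 127-bit prime is far too small for real use.
P, G = 2**127 - 1, 3

def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy stream cipher: XOR with SHA-256(key || counter) blocks."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(bytes(key) + i.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

class Peer:
    def __init__(self):
        self._eph = secrets.randbelow(P - 3) + 2   # ephemeral secret, one per connection
        self.public = pow(G, self._eph, P)         # travels in the clear
        self.session_key = None

    def finish_handshake(self, peer_public: int) -> None:
        shared = pow(peer_public, self._eph, P)
        self.session_key = bytearray(hashlib.sha256(shared.to_bytes(16, "big")).digest())
        # Erasure point 1: drop the handshake secret. Python only releases the
        # reference; native TLS stacks overwrite the memory itself.
        self._eph = None

    def close(self) -> None:
        # Erasure point 2: overwrite the traffic key when the conversation ends.
        self.session_key[:] = bytes(len(self.session_key))

    def secrets_left(self) -> bool:
        return self._eph is not None or any(self.session_key or b"")

def demo():
    client, server = Peer(), Peer()
    client.finish_handshake(server.public)
    server.finish_handshake(client.public)
    ciphertext = keystream_xor(client.session_key, b"GET /account HTTP/1.1")
    plaintext = keystream_xor(server.session_key, ciphertext)
    live = client.secrets_left() or server.secrets_left()   # traffic key still in memory
    client.close(); server.close()
    after = client.secrets_left() or server.secrets_left()
    # What a passive recorder holds: public values and ciphertext, no secrets.
    transcript = (client.public, server.public, ciphertext)
    return plaintext, live, after, transcript
```

Between the handshake and `close()` the traffic key is still held by both peers, which is why erasing only the handshake secret is not enough.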

0 Answers