2013.11.19 22:33:22 (402912508622548992) from Daniel J. Bernstein, replying to "Samuel Neves (@sevenps)" (402789107278946304):
The MinimaLT paper avoids the name "forward secrecy"; it talks about the speed of "key erasure". @sevenps @ewust @csoghoian @matthew_d_green
2013.11.19 13:37:26 (402777634746015745) from "Eric Wustrow (@ewust)", replying to "Christopher Soghoian (@csoghoian)" (402486864369557504):
@csoghoian should we really still be calling it "perfect" forward secrecy? I wouldn't consider "is broken passively by discrete log" perfect
2013.11.19 14:23:01 (402789107278946304) from "Samuel Neves (@sevenps)", replying to "Eric Wustrow (@ewust)" (402777634746015745):
@ewust @csoghoian @matthew_d_green If the discrete log is broken, why even "forward" or "secrecy"?