
Perfect forwarding secrecy (PFS) (draft)

Joshua Thijssen edited this page Feb 25, 2021 · 1 revision

Perfect forward secrecy (PFS) is a property where recovering the key of one message does not let you decrypt any other message. Basically, if I were to brute-force one message, I would need to brute-force the next message as well: the key I found for the previous message cannot be used to decrypt other messages.

This is a technique that is used in direct communication: both the sender and the recipient agree on an ephemeral key to communicate. Once the data is decrypted on the receiving side, the key is destroyed. For the next message a new key is created, and so on. This gives perfect forward secrecy because anyone intercepting the messages cannot use one message's key to decrypt the other messages.
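To make the per-message exchange above concrete, here is an added Python example (not code from this wiki or its project): both sides create a fresh Diffie-Hellman key pair for each message over the published RFC 3526 group 14 prime, derive the session key, and discard their private keys; the keystream cipher and HMAC tag are constructed stand-ins for a real AEAD, and `exchange`/`demo` are names chosen for this example. The last check shows that a leaked key for message 1 does not open message 2.

```python
import hashlib
import hmac
import secrets

# RFC 3526 group 14: the published 2048-bit MODP prime, generator 2.
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
    "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
    "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF05"
    "98DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB"
    "9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B"
    "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF695581718"
    "3995497CEA956AE515D2261898FA051015728E5A8AACAA68FFFFFFFFFFFFFFFF", 16)
G = 2

def _stream_xor(key, data):
    """SHA-256 counter keystream XOR: a stand-in for a real cipher."""
    ks = b"".join(hashlib.sha256(key + i.to_bytes(4, "big")).digest()
                  for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, ks))

def seal(key, plaintext):
    """Encrypt-then-MAC (constructed for this example, not a real AEAD)."""
    ct = _stream_xor(key, plaintext)
    return ct + hmac.new(key, ct, "sha256").digest()

def open_(key, blob):
    """Verify the tag, then decrypt; None means this key does not fit."""
    ct, tag = blob[:-32], blob[-32:]
    if not hmac.compare_digest(hmac.new(key, ct, "sha256").digest(), tag):
        return None
    return _stream_xor(key, ct)

def exchange(plaintext):
    """One message: ephemeral DH, derive key, decrypt, destroy private keys."""
    a_priv, b_priv = secrets.randbelow(P - 2) + 2, secrets.randbelow(P - 2) + 2
    a_pub, b_pub = pow(G, a_priv, P), pow(G, b_priv, P)  # fresh per message
    k_a = hashlib.sha256(pow(b_pub, a_priv, P).to_bytes(256, "big")).digest()
    k_b = hashlib.sha256(pow(a_pub, b_priv, P).to_bytes(256, "big")).digest()
    del a_priv, b_priv  # destroyed: nothing remains to re-derive k_a later
    blob = seal(k_a, plaintext)
    return blob, k_a, open_(k_b, blob)

def demo():
    blob1, k1, pt1 = exchange(b"first message")
    blob2, k2, pt2 = exchange(b"second message")
    # Someone who obtained k1 can read message 1 only; k1 fails on message 2.
    return {"pt1": pt1, "pt2": pt2, "keys_differ": k1 != k2,
            "k1_opens_msg2": open_(k1, blob2) is not None}
```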

However, things are a bit different when it comes to email. First of all, there is no direct line between a sender and a recipient: there is a connection between the sender and a mail server, between that mail server and another mail server, and finally between that mail server and the recipient.

We do have PFS for the client-to-server and server-to-server connections through the TLS that we enforce; these connections use ephemeral keys to communicate.
