'Perfect example of how Snowden has improved our privacy' says professor
By John Leyden, 8 May 2014 Standards stewards on the Internet Engineering Task Force (IETF) are planning to drop RSA key exchanges from TLS 1.3, the next revision of SSL.The technical body is instead eying up algorithms that use short-lived encryption keys, aka ephemeral keys, that can sidestep surveillance dragnets by the likes of the NSA.
Specifically, the IETF has backed Diffie-Hellman key exchange (DHE) and ?Elliptic Curve Diffie-Hellman? key exchange (ECDHE) over RSA because the former two support Perfect Forward Secrecy (PFS).
When a server and a client use SSL/TLS, they must agree upon a unique encryption key valid for just that connection session – and use it to protect their communications from eavesdroppers and tamperers.
How that session key is transported between the client and server is crucial here: in RSA key exchange, the client generates the temporary key, encrypts it using the server's public RSA key, and sends it over the network. The server uses its corresponding RSA private key to decrypt the session key – now both sides have what they need.
Full Article
Looks like they are working on it...but I think that one has to ask the serious question....so where is the flaw or flaws in this one?