Browse by Topic: Security & Reliability
Perfect Forward Secrecy
Last modified on 13 June 2016 06:19 PM

Perfect Forward Secrecy (PFS) is an additional protection mechanism that makes our use of Secure Socket Layer (SSL)/Transport Layer Security (TLS) encryption even more secure. SSL/TLS, which protects your StartMail messages by encrypting each message, relies upon a system of trust between different computers based on the exchange of public "keys". These keys, which are freely shared, enable content to be decrypted only by a system possessing the matching private key.  

A potential risk of this system when PFS is not used is that if the private key for a system is compromised, either by hacking, theft, or government order, then all of the prior session keys used in previous connections that were generated using the private key can be decrypted and examined.  

But StartMail uses PFS for all secure connections, which mitigates this risk by ensuring that the SSL/TLS session keys used for each encrypted session are unique.  When you visit StartMail and a secured connection is established (as indicated by the lock icon in your browser display), both your browser and StartMail use the public and private keys to generate a series of "session keys" that are used to encrypt your requests. Once you leave StartMail, those keys are discarded and new ones will be generated for the next session.  

So as a result, even if someone managed to access StartMail's very secure private key and had recordings of prior secure sessions, they would be unable to decrypt them. 

For additional details on the level of SSL/TLS feature support that StartPage provides from a third-party perspective, please visit Qualys' SSL Labs evaluation of StartMail's features: StartMail is proud to note that on average we score higher than our competitors in Qualys' four grading categories.

For more information on Perfect Forward Secrecy, please see

(61 vote(s))
This article was helpful
This article was not helpful

Still haven't found the answer to your question? Click here to contact support.