Re: extension mechanism needed

It would actually be *very* simple to do opportunistic forward secrecy
with the protocols we have *now*.

PGP/MIME defines an application/pgp-keys type. If you sent an FS
encryption key with a short expiry time in every n messages, signed with
your long term signature key, compatible clients would simply add the
key to the user's keyring. Others would ignore it. PGP 2.6 uses the
last-added key for any user to encrypt messages, so we could just codify
that behaviour in the standard. You wouldn't even need to send out key
revocations as the expiry date would be set. You could then securely
wipe/archive/whatever the corresponding private key some time after that
date.

Ian :D

<Prev in Thread]	Current Thread	[Next in Thread>
Re: Armour, (continued) Re: Armour, Ian Grigg Re: Armour, David Hayes Re: Armour, David Formosa Re: Armour, David Formosa Re: Armour, Ian Brown Re: Armour, Kent Crispin Re: Armour, Ian Brown Re: Armour, Jim McCoy Re: Armour, David Formosa Re: Armour, Dave Crocker / IMC Re: extension mechanism needed, Ian Brown <= Re: extension mechanism needed, Bill Stewart Re: extension mechanism needed, Adam Back Re: extension mechanism needed, Jon Callas Re: extension mechanism needed, Adam Back Re: extension mechanism needed, Lutz Donnerhacke

Previous by Date:	Re: extension mechanism needed, Ian Brown
Next by Date:	Re: clearsigned sigs, Hal Finney
Previous by Thread:	Re: Armour, Dave Crocker / IMC
Next by Thread:	Re: extension mechanism needed, Bill Stewart
Indexes:	[Date] [Thread] [Top] [All Lists]