[Top] [All Lists]

Re: extension mechanism needed

1997-11-14 08:49:13
It would actually be *very* simple to do opportunistic forward secrecy
with the protocols we have *now*.

PGP/MIME defines an application/pgp-keys type. If you sent an FS
encryption key with a short expiry time in every n messages, signed with
your long term signature key, compatible clients would simply add the
key to the user's keyring. Others would ignore it. PGP 2.6 uses the
last-added key for any user to encrypt messages, so we could just codify
that behaviour in the standard. You wouldn't even need to send out key
revocations as the expiry date would be set. You could then securely
wipe/archive/whatever the corresponding private key some time after that

Ian :D

<Prev in Thread] Current Thread [Next in Thread>