I don't know how much everyone has seen of the UK government's current
attempt to legislate for access to keys, but despite extreme opposition
they seem set to push through powers for "information disclosure" orders
that allow *any public authority* to demand keys (on pain of two years'
imprisonment) and impose a gagging order that prevents you telling anyone
but your lawyer (or go to jail for five years).
Adam Back, Ben Laurie and I have been working on a draft that would allow
OpenPGP software to minimise the damage such a notice could cause to a PGP
user. It specifies mechanisms for using short-lifetime and one-time keys to
limit the amount of information that becomes vulnerable after key
compromise.
John Noerenberg suggested we publish it as an informational RFC. We would
be grateful for feedback from this group before we take that step.
The current version is at
http://www.cs.ucl.ac.uk/staff/I.Brown/openpgp-pfs.txt
Thanks!
Ian :)