Re: Forward secrecy2000-07-07 10:01:46Expired public encryption keys MUST be deleted by users and keyservers to remove information on old key pairs. Does this really add enough security to be worth a MUST? An expired public key should not significantly threaten the contents of previously encrypted messages. Furthermore, such deletions can provide at most "security by obscurity" since attackers could easily have made their own archives of the public keys on the key servers. Hal
|
|