there used to be a draft (Brown, Back, Laurie: Forward Secrecy
Extensions for OpenPGP) on how to add PFS to OpenPGP. I recently
looked again at the now expired draft to decide whether it can be
implemented. It does need a little bit of work but 2 things could be
very helpful if we can put them into OpenPGP now:
1. A key flag "one time key". I suggest to use the next
octet for this:
0x01 - This key should be used only once.
2. A feature flag "one time key support", with value 2: It
indicates that the implementation is able to handle one time
keys; i.e. it will never use this key twice for encryption and
delete the secret key after successful decryption.
Because all details of such a feature can't go right now in 2440bis,
we might just want to mark these values as "reserved for one time key
BTW, why is the 188.8.131.52. Features defined as just an array of
one-octet values and not similar to the key flags? I think it would
be much more consistent if we stick to the general OpenPGP bit-saving
technique. Can we change it to:
The features subpacket denotes which advanced OpenPGP features a
user's implementation supports. This is so that as features are
added to OpenPGP that cannot be backwards-compatible, a user can
state that they can use that feature.
This subpacket is similar to a preferences subpacket, and only
appears in a self-signature.
An implementation SHOULD NOT use a feature listed when sending to a
user who does not state that they can use it.
Defined features are:
Bit 0 - Modification Detection (packets 15 and 16)
If an implementation implements any of the defined features, it
SHOULD implement the features subpacket, too.
Werner Koch Omnis enim res, quae dando non deficit, dum habetur
g10 Code GmbH et non datur, nondum habetur, quomodo habenda est.
Privacy Solutions -- Augustinus