On Thu, 24 Feb 2005 08:16:03 -0800 Ben Laurie <ben(_at_)algroup(_dot_)co(_dot_)uk> wrote:

> http://www.links.org/dnssec/draft-brown-pgp-pfs-04.html
> http://www.links.org/dnssec/draft-brown-pgp-pfs-04.txt
>
> Forward Secrecy Extensions for OpenPGP
>
> Comments, please!
The site lists the following statement:

"If expired keys are securely deleted, attackers will never be able to retrieve them to decrypt captured ciphertext. Therefore when a public encryption key expires, an OpenPGP client MUST securely wipe the corresponding private key."

It would also need the suggestion/requirement that the OpenPGP client NOT be allowed to make a 'backup' of the private key, something now routinely done by default.

But even if it does so, and does not make any backups, it is still not foolproof; it just requires the adversary to do 'more work'.

Assuming the sender corresponds with 'n' different recipients, and sends a new subkey packet to each of them for each encryption, if the adversary can intercept each e-mail message and stores them, then the adversary now needs the 'n' long-term private keys of the recipients, and can then recover the subkeys and the messages.

So, the security still depends on the recipients' long-term private keys not being compromised, as it did without the use of the subkeys.

But if the sender doesn't encrypt to self, and encrypts only to the receiver, how is the security improved by having different subkeys each time for that receiver?

vedaal
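The objection above, modeled in added Python that is not code from the draft, from Ben Laurie, or from anyone in this thread: a toy DH group and a SHA-256 XOR keystream stand in for real OpenPGP primitives, and the function names and sample message are constructed. It contrasts a per-message subkey transported under the recipient's long-term key with a one-time DH share against a short-lived subkey, then shows which later-leaked private key lets a recording adversary read the captured traffic.

```python
import hashlib
import os
# Toy DH group (2**521 - 1 is prime) and a SHA-256 XOR keystream standing in
# for a real cipher: constructed for illustration only, not for real use.
P = 2**521 - 1
G = 3

def keygen():
    x = int.from_bytes(os.urandom(64), "big") % (P - 2) + 2
    return x, pow(G, x, P)

def kdf(shared, label):
    return hashlib.sha256(label + shared.to_bytes(66, "big")).digest()

def xor_stream(key, data):
    out = bytearray()
    for i in range(0, len(data), 32):
        ks = hashlib.sha256(key + i.to_bytes(4, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], ks))
    return bytes(out)

def send_wrapped_subkey(msg, recipient_long_term_pub):
    """As the post reads the scheme: fresh subkey per message, transported under the recipient's long-term key."""
    subkey = os.urandom(32)
    r, r_pub = keygen()
    wrap_key = kdf(pow(recipient_long_term_pub, r, P), b"wrap")
    return {"eph_pub": r_pub, "label": b"wrap",
            "wrapped": xor_stream(wrap_key, subkey), "ct": xor_stream(subkey, msg)}

def send_ephemeral_dh(msg, recipient_short_lived_pub):
    """Forward-secret shape: one-time DH share against a short-lived subkey; private share discarded after use."""
    a, a_pub = keygen()
    key = kdf(pow(recipient_short_lived_pub, a, P), b"session")
    return {"eph_pub": a_pub, "label": b"session", "ct": xor_stream(key, msg)}

def attacker(captured, leaked_priv):
    """Recorded traffic plus one later-leaked private key: rederive the secret, unwrap if needed, decrypt."""
    key = kdf(pow(captured["eph_pub"], leaked_priv, P), captured["label"])
    if "wrapped" in captured:
        key = xor_stream(key, captured["wrapped"])
    return xor_stream(key, captured["ct"])

def demo(msg=b"constructed sample message"):
    lt_priv, lt_pub = keygen()  # recipient's long-term key, later compromised
    sl_priv, sl_pub = keygen()  # recipient's short-lived subkey
    a, b = send_wrapped_subkey(msg, lt_pub), send_ephemeral_dh(msg, sl_pub)
    return {"wrapped_with_long_term": attacker(a, lt_priv) == msg,       # True
            "dh_with_long_term": attacker(b, lt_priv) == msg,            # False
            "dh_with_retained_short_lived": attacker(b, sl_priv) == msg}  # True
```

The third result is the case the draft's "MUST securely wipe" rule guards against: a short-lived private key that was kept (or backed up) unlocks the traffic just as the long-term key does in the wrapped-subkey case.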