[Cryptography] Email and IM are ideal candidates for mix networks

[Jon Callas]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Aug 29, 2013, at 3:43 AM, Jerry Leichter <leichter at lrw.com> wrote:

> - If I need to change because the private key was compromised, there's nothing I can do about past messages; the question is what I do to minimize the number of new messages that will arrive with a now-known-insecure key.  This was the case I assumed the previous poster was concerned with.

Personally, I think you shouldn't worry about this.

The real sin is getting an attachment to a key. You are much better off developing a philosophy of key management in which you use it and then get rid of it regularly. 

If you do this reasonably well, it reduces the chance that a key will get compromised because its aegis, footprint, shadow, etc. is small. It also reduces the effect because most likely it takes more time to break the key than its lifetime; I consider hacking the key, stealing it, etc. to be a form of breaking. Stealing a key through a 'sploit is also cryptanalysis.

Be Buddist about your keys and have no attachments. (This is also a good philosophy about mail, but that's a different discussion.)

> - As I outlined things, there was never a reason you couldn't have multiple public keys, and in fact it would be a good idea to make traffic analysis harder.  Adding a new key for "a new facet of your electronic life" is trivial.

That's a fine step to a good attitude, but the effect on traffic analysis will be small or close to nil. Traffic analysis includes social graph analysis and any good social graph analysis will include probabilities that an entity will have different personae. Keys are just masks, too, just like a persona.

	Jon



-----BEGIN PGP SIGNATURE-----
Version: PGP Universal 3.2.0 (Build 1672)
Charset: us-ascii

wj8DBQFSIC5MsTedWZOD3gYRAmpmAJ0UJ7K9GWo9FLSa8HR1CmSbWRZcgQCgkuif
rbTWOi5eHdxNpRzQ9VkqDBY=
=PpOZ
-----END PGP SIGNATURE-----