forward-secrecy for email? (Re: Hushmail in U.S. v. Tyler Stumbo)

Adam Back adam at cypherspace.org
Mon Nov 5 17:41:57 EST 2007


On Fri, Nov 02, 2007 at 06:23:30PM +0100, Ian G wrote:
> I was involved in one case where super-secret stuff was shared
> through hushmail, and was also dual encrypted with non-hushmail-PGP
> for added security.  In the end, the lawyers came in and scarfed up
> the lot with subpoenas ... all the secrets were revealed to everyone
> they should never have been revealed to.  We don't have a crypto
> tool for embarrassing secrets to fade away.

What about deleting the private key periodically?

Like issue one PGP sub-key per month, make sure it has an expiry date etc.
appropriately, and the sending client will be smart enough to not use
expired keys.

Need support for that kind of thing in the PGP clients.

And hope your month's key expires before the lawyers get to it.

Companies have document retention policies for stuff like
this... dictating that data with no current use be deleted within some
time-period to avoid subpoenas reaching back too far.

Adam

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
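
An added example, not part of the original message: a small Python model of the monthly sub-key lifecycle suggested above, where the sender refuses expired keys and the recipient deletes private halves after expiry. It performs no cryptography; the function names, key labels and the 7-day deletion grace period are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

UTC = timezone.utc

@dataclass
class Subkey:
    key_id: str                # constructed label, not a real PGP key ID
    created: datetime
    expires: datetime
    secret_held: bool = True   # False once the private half is deleted

    def usable_at(self, when):
        return self.created <= when < self.expires

def issue_monthly_subkeys(start, months):
    """One encryption sub-key per calendar month, expiring when the month ends."""
    keys = []
    year, month = start.year, start.month
    for _ in range(months):
        begin = datetime(year, month, 1, tzinfo=UTC)
        year, month = (year + 1, 1) if month == 12 else (year, month + 1)
        end = datetime(year, month, 1, tzinfo=UTC)
        keys.append(Subkey(f"sub-{begin:%Y-%m}", begin, end))
    return keys

def select_for_sending(keys, now):
    """Sender side: never encrypt to an expired or not-yet-valid sub-key."""
    valid = [k for k in keys if k.usable_at(now)]
    if not valid:
        raise LookupError("no unexpired encryption sub-key; refuse to send")
    return max(valid, key=lambda k: k.created)

def purge_expired(keys, now, grace=timedelta(days=7)):
    """Recipient side: delete private halves once expiry plus grace has passed.
    The grace period (an assumption) leaves time to read mail still in transit."""
    purged = []
    for k in keys:
        if k.secret_held and now >= k.expires + grace:
            k.secret_held = False
            purged.append(k.key_id)
    return purged

def still_decryptable(mailbox, keys):
    """Subjects of stored messages that the current keyring can still decrypt."""
    held = {k.key_id for k in keys if k.secret_held}
    return [subject for subject, key_id in mailbox if key_id in held]
```

Running the purge on a given date and then calling `still_decryptable` shows the exposure window: anything encrypted to a sub-key whose private half has not yet been deleted remains recoverable by whoever obtains the keyring.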
