forward-secrecy for email? (Re: Hushmail in U.S. v. Tyler Stumbo)

Jon Callas jon at
Mon Nov 5 18:05:11 EST 2007

> What about deleting the private key periodically?
> Like issue one pgp sub-key per month, make sure it has expiry date etc
> appropriately, and the sending client will be smart enough to not use
> expired keys.
> Need support for that kind of thing in the PGP clients.

Forgive the additional nag, but that is OpenPGP clients. PGP clients  
are my software. Mind you, I'm in favor of it, but (e.g.) Hushmail is  
not a PGP client. It has nothing to do with PGP Corporation.

> And hope your months key expires before the lawyers get to it.
> Companies have document retention policies for stuff like
> this... dictating that data with no current use be deleted within some
> time-period to avoid subpoenas reaching back too far.

Well, we had some good news this weekend that RFC 4880, the updated  
RFC 2440 is finally published. The OpenPGP working group has other  
work it would like to do, including Perfect Forward Secrecy.


The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at

More information about the cryptography mailing list