forward-secrecy for email? (Re: Hushmail in U.S. v. Tyler Stumbo)
Jon Callas
jon at callas.org
Mon Nov 5 18:05:11 EST 2007
> What about deleting the private key periodically?
>
> Like issue one pgp sub-key per month, make sure it has expiry date etc
> appropriately, and the sending client will be smart enough to not use
> expired keys.
>
> Need support for that kind of thing in the PGP clients.
Forgive the additional nag, but that is OpenPGP clients. PGP clients
are my software. Mind you, I'm in favor of it, but (e.g.) Hushmail is
not a PGP client. It has nothing to do with PGP Corporation.
>
> And hope your months key expires before the lawyers get to it.
>
> Companies have document retention policies for stuff like
> this... dictating that data with no current use be deleted within some
> time-period to avoid subpoenas reaching back too far.
>
Well, we had some good news this weekend that RFC 4880, the updated
RFC 2440 is finally published. The OpenPGP working group has other
work it would like to do, including Perfect Forward Secrecy.
Jon
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list