[107399] in cryptography@c2.net mail archive
Re: forward-secrecy for email? (Re: Hushmail in U.S. v. Tyler Stumbo)
daemon@ATHENA.MIT.EDU (Jon Callas)
Tue Nov 6 18:11:00 2007
In-Reply-To: <20071105224157.GA24988@bitchcake.off.net>
Cc: Ian G <iang@systemics.com>,
John Levine <johnl@iecc.com>,
cryptography@metzdowd.com,
auto37159@hushmail.com
From: Jon Callas <jon@callas.org>
Date: Mon, 5 Nov 2007 15:05:11 -0800
To: Adam Back <adam@cypherspace.org>
> What about deleting the private key periodically?
>
> Like issue one pgp sub-key per month, make sure it has expiry date etc
> appropriately, and the sending client will be smart enough to not use
> expired keys.
>
> Need support for that kind of thing in the PGP clients.
Forgive the additional nag, but that is OpenPGP clients. PGP clients
are my software. Mind you, I'm in favor of it, but (e.g.) Hushmail is
not a PGP client. It has nothing to do with PGP Corporation.
>
> And hope your month's key expires before the lawyers get to it.
>
> Companies have document retention policies for stuff like
> this... dictating that data with no current use be deleted within some
> time-period to avoid subpoenas reaching back too far.
>
Well, we had some good news this weekend that RFC 4880, the updated
RFC 2440, is finally published. The OpenPGP working group has other
work it would like to do, including Perfect Forward Secrecy.
Jon
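
The following is an added example, not part of the original message or of any OpenPGP client: a small Python model of the monthly-subkey scheme quoted above, showing that messages stop being recoverable only once the private half is destroyed, not merely when the subkey expires. The Subkey class, the function names, the 30-day issue interval with a 31-day lifetime, and the "sub-NN" labels are all assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass
class Subkey:
    key_id: str                  # constructed label, not a real OpenPGP key ID
    created: datetime
    expires: datetime
    secret_present: bool = True  # False once the private half has been destroyed

def issue_monthly(start, months, lifetime=timedelta(days=31)):
    """Recipient side: one encryption subkey per 30-day period, each with an expiry."""
    keys = []
    for i in range(months):
        created = start + timedelta(days=30 * i)
        keys.append(Subkey(f"sub-{i:02d}", created, created + lifetime))
    return keys

def pick_for_sending(keys, now):
    """Sender side: newest subkey that is valid and unexpired at 'now', else None."""
    usable = [k for k in keys if k.created <= now < k.expires]
    return max(usable, key=lambda k: k.created, default=None)

def purge_expired(keys, now):
    """Recipient side: destroy private halves of expired subkeys; return their ids."""
    purged = []
    for k in keys:
        if k.secret_present and k.expires <= now:
            k.secret_present = False
            purged.append(k.key_id)
    return purged

def readable_after_seizure(mail, keys):
    """Messages (sent_at, key_id) whose private subkey still exists when keys are seized."""
    live = {k.key_id for k in keys if k.secret_present}
    return [m for m in mail if m[1] in live]

if __name__ == "__main__":
    # Constructed timeline: four subkeys from 1 Aug 2007, three messages, purge on 6 Nov.
    keys = issue_monthly(datetime(2007, 8, 1), 4)
    sent = [datetime(2007, 8, 10), datetime(2007, 9, 15), datetime(2007, 11, 5)]
    mail = [(t, pick_for_sending(keys, t).key_id) for t in sent]
    print("readable before purge:", len(readable_after_seizure(mail, keys)))
    print("purged:", purge_expired(keys, datetime(2007, 11, 6)))
    print("readable after purge:", readable_after_seizure(mail, keys))
```
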