[119105] in Cypherpunks

home help back first fref pref prev next nref lref last post

Re: Worthless Disappearing [Self-Destruct E-mail]

daemon@ATHENA.MIT.EDU (Greg Broiles)
Fri Oct 15 03:49:22 1999

Date: Fri, 15 Oct 1999 00:34:13 -0700
From: Greg Broiles <gbroiles@netbox.com>
To: AMP <amp@pobox.com>
Cc: cypherpunks@cyberpass.net
Message-ID: <19991015003412.A19810@ideath.parrhesia.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
In-Reply-To: <380694E3.AE5AF861@pobox.com>; from AMP on Thu, Oct 14, 1999 at 09:43:47PM -0500
Reply-To: Greg Broiles <gbroiles@netbox.com>

On Thu, Oct 14, 1999 at 09:43:47PM -0500, AMP wrote:
> Greg Broiles wrote:
> > It's not "totally worthless"; it should not be intended as providing
> > protection against deliberate archiving, but as protecting against
> > accidental retention of something which by policy should have been
> > deleted.
> 
> Why even bother to buy into a service that has this feature when you
> can't be =sure= that the keys are =really= deleted. The paranoid might
> say that this could easily be a front for TLA of USGOV to sucker people
> into a false sense of security.

The service might or might not be worthwhile, depending on your threat
model - if you're concerned about the US Govt - especially the more
technically skilled parts of it - you probably need something better
than what these guys offer.

On the other hand, if your threat model is civil suit plaintiffs who
make very broad discovery requests and/or subpoena hard disks, this is
probably sufficient. 

If you're a corporation, Bill Lerach is probably scarier than Louis
Freeh.

> Why not just implement the same thing oneself?

Maybe one's self isn't a programmer, or doesn't want to reinvent the
wheel? 

> It's January 1,2000. Each FF generates a key. Key IDs for weekly
> rotation might be FFa12000, FFb12000, and FFc12000. On the 8th, of
> January, FFa generates a new key (FFa22000), signs it with FFa12000, and
> sends it to FFb and FFc. His compatriots do likewise. Upon receipt of
> the new keys for FFb and FFC, he checks the signatures on the new keys
> then destroys the secret and public key for FFa12000 and the public keys
> for FFb12000 and FFc12000 by burning the floppy they reside upon.

That's very nice, but it's very hard to get the average corporate drone
to use PGP at all, much less generate, sign, and destroy keys on a
weekly basis. If the Disappearing Inc people do their UI work well (even
though PGP's got a good UI, at least in the crypto field), there's some
chance it'll actually be used. Marginal security used sometimes is
stronger than very strong security that's never used.

--
Greg Broiles
gbroiles@netbox.com


home help back first fref pref prev next nref lref last post