[119119] in Cypherpunks

home help back first fref pref prev next nref lref last post

Re: Worthless Disappearing [Self-Destruct E-mail]

daemon@ATHENA.MIT.EDU (AMP)
Fri Oct 15 21:18:06 1999

Message-ID: <3807CEFA.F51C41A7@pobox.com>
Date: Fri, 15 Oct 1999 20:03:54 -0500
From: AMP <amp@pobox.com>
MIME-Version: 1.0
To: Greg Broiles <gbroiles@netbox.com>
CC: cypherpunks@cyberpass.net
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Reply-To: AMP <amp@pobox.com>

Greg Broiles wrote:
> > Why even bother to buy into a service that has this feature when you
> > can't be =sure= that the keys are =really= deleted. The paranoid might
> > say that this could easily be a front for TLA of USGOV to sucker people
> > into a false sense of security.
> 
> The service might or might not be worthwhile, depending on your threat
> model - if you're concerned about the US Govt - especially the more
> technically skilled parts of it - you probably need something better
> than what these guys offer.
> 
> On the other hand, if your threat model is civil suit plaintiffs who
> make very broad discovery requests and/or subpoena hard disks, this is
> probably sufficient.
> 
> If you're a corporation, Bill Lerach is probably scarier than Louis
> Freeh.

True enough. I suspect that most corporate types would feel uneasy about
the service in general unless they were fully appraised of the threat
email poses in the discovery process these days. Hopefully given the
news from the Micro$oft trial they are starting to worry. 

> > Why not just implement the same thing oneself?
> 
> Maybe one's self isn't a programmer, or doesn't want to reinvent the
> wheel?

No programming required by my proposal as I'm programmatically
challenged myself.
 
> > It's January 1,2000. Each FF generates a key. Key IDs for weekly
> > rotation might be FFa12000, FFb12000, and FFc12000. On the 8th, of
> > January, FFa generates a new key (FFa22000), signs it with FFa12000, and
> > sends it to FFb and FFc. His compatriots do likewise. Upon receipt of
> > the new keys for FFb and FFC, he checks the signatures on the new keys
> > then destroys the secret and public key for FFa12000 and the public keys
> > for FFb12000 and FFc12000 by burning the floppy they reside upon.
> 
> That's very nice, but it's very hard to get the average corporate drone
> to use PGP at all, much less generate, sign, and destroy keys on a
> weekly basis. If the Disappearing Inc people do their UI work well (even
> though PGP's got a good UI, at least in the crypto field), there's some
> chance it'll actually be used. Marginal security used sometimes is
> stronger than very strong security that's never used.

This isn't designed for average drones. I said as much in my original
message that the users would have to be conversant with PK technology.
Perhaps I didn't state this clearly enough. IMO, not very many people I
know of could carry this off. I know I could if I needed too, but it
would be pretty difficult for me to trust FFb & FFc to be as careful
about such things as I am.

As I stated origionally, my proposal was largely targeted for the
Freedom Fighter or others of similar bent. I can see a need for such
systems, though probabl not as drastic as weekly key generation today in
some areas and probably more going forward. 

Another variation on this theme would be to have a webpage known by
those who you would wish to communicate with. A key could be posted on a
periodic and possibly overlapping basis with instructions as to its
frequency and the fact that any material recieved outside of the
periodic basis would be discarded as unreadable. 

The time is soon coming when such radical notions may need to be more
carefully looked at. This is why I mentioned it in the first place.

Regards,

alan

-- 
amp@pobox.com
http://zeugma.nu/

What part of "shall not be infringed" do you not understand?

"Come and take it!"


home help back first fref pref prev next nref lref last post