1997-10-19 - encryption key expiry in pgp5.x

Header Data

From: Adam Back <aba@dcs.ex.ac.uk>
To: ietf-open-pgp@imc.org
Message Hash: e08ae6c920ec13ffb73b6acf76d8a52c44fdb6f8c17f8a19d6e1fd1f3e64e410
Message ID: <199710192239.XAA05744@server.test.net>
Reply To: N/A
UTC Datetime: 1997-10-19 23:11:21 UTC
Raw Date: Mon, 20 Oct 1997 07:11:21 +0800

Raw message

From: Adam Back <aba@dcs.ex.ac.uk>
Date: Mon, 20 Oct 1997 07:11:21 +0800
To: ietf-open-pgp@imc.org
Subject: encryption key expiry in pgp5.x
Message-ID: <199710192239.XAA05744@server.test.net>
MIME-Version: 1.0
Content-Type: text/plain




What happens in this scenario with pgp5.0, or pgp5.5:

- You have a signature key which you'll keep for say 2 years before
  creating a new one.

- You have a policy of generating new encryption keys every 6 months.

- Your email archives are stored as received still encrypted to your
  public encryption key (I think you have no choice but to do this with
  some of the pgp5.x plugins).

- You expire the key, and securely wipe the private half of the key.
  (An advantage of rekeying in this way is to gain forward secrecy:
  messages gathered by an attacker can no longer be decrypted with
  information you have, but to get the forward secrecy you must
  literally securely wipe the private key).

If you do this, you won't be able to read your old mail folder,
because you no longer have the key it was encrypted to.

Does this imply that you must keep the private key for perpetuity?
(Or at least as long as you want to read old mail archives).

One presumes the same problem applies to CMR recovery keys, they must
also be kept as long as recovery is required, if the user forgets the
password.

Adam
-- 
Now officially an EAR violation...
Have *you* exported RSA today? --> http://www.dcs.ex.ac.uk/~aba/rsa/

print pack"C*",split/\D+/,`echo "16iII*o\U@{$/=$z;[(pop,pop,unpack"H*",<>
)]}\EsMsKsN0[lN*1lK[d2%Sa2/d0<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<J]dsJxp"|dc`






Thread