From: frantz@netcom.com (Bill Frantz)
Date: Wed, 13 Mar 1996 09:56:42 +0800
To: perry@piermont.com
Subject: Re: Remailer passphrases
Message-ID: <199603122027.MAA10600@netcom8.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At  2:51 PM 3/12/96 -0500, Perry E. Metzger wrote:
>Bill Frantz writes:
>> One of the reasons classical (government) crypto users change keys
>> frequently is to minimize the amount of data compromised by a broken key. 
>> We keep hearing about NSA decrypting 20 year old cyphertext and showing
>> more of the workings of the atomic spy rings operating in the 40s and 50s. 
>> If an opponent can rubber hose the key, her job is easy.  If she has to
>> perform cryptoanalysis, it is much harder.  Remailers should regularly
>> change their keys to avoid compromising previously recorded traffic.  (They
>> can have a long lived key for signing their traffic keys.)
>
>Signed Diffie-Hellman key exchanges have the property known as
>"Perfect Forward Secrecy". Even if the opponent gets your public keys
>it still will not decrypt any traffic for him at all -- it just lets
>him pretend to be you. Thats one reason why protocols like Photuris
>and Oakley use the technique.

Unless I am badly mistaken, these exchanges need interaction, which makes
them unsuitable for simple remailers.

Regards - Bill


------------------------------------------------------------------------
Bill Frantz       | The CDA means  | Periwinkle  --  Computer Consulting
(408)356-8506     | lost jobs and  | 16345 Englewood Ave.
frantz@netcom.com | dead teenagers | Los Gatos, CA 95032, USA