cryptoanarchy.wiki

Arise, you have nothing to lose but your barbed wire fences!

1997-10-13 - Re: D-H Forward Secrecy for E-Mail?

Header Data

From: “William H. Geiger III” <whgiii@invweb.net>
To: Adam Back <aba@dcs.ex.ac.uk>
Message Hash: 21d19067be8e3d0c4dfafa6d4376fe51c07b6607d1ec168a001d3e80edab44d4
Message ID: <199710130223.WAA15345@users.invweb.net>
Reply To: <199710130116.CAA01032@server.test.net>
UTC Datetime: 1997-10-13 02:32:36 UTC
Raw Date: Mon, 13 Oct 1997 10:32:36 +0800

Raw message

From: "William H. Geiger III" <whgiii@invweb.net>
Date: Mon, 13 Oct 1997 10:32:36 +0800
To: Adam Back <aba@dcs.ex.ac.uk>
Subject: Re: D-H Forward Secrecy for E-Mail?
In-Reply-To: <199710130116.CAA01032@server.test.net>
Message-ID: <199710130223.WAA15345@users.invweb.net>
MIME-Version: 1.0
Content-Type: text/plain



In <199710130116.CAA01032@server.test.net>, on 10/13/97 
   at 02, Adam Back <aba@dcs.ex.ac.uk> said:

>As pgp 5.0 uses key servers directly from the mail client (and some other
>clients do also), this all works out because you just publish your new
>weekly communications key on the keyserver, and this eliminates the need
>for interactive communications with your recipient which true DH PFS
>requires.  In fact I think you could do this right now, if you made it
>clear to others that your key has short expiry in your .signature or
>whatever.  As I mentioned in another post David Wagner currently does
>just this.

Adam,

Have you considered the logistical nightmare that this would cause?? I can
see that you are unaware of the precarious state the current PGP Public
Key Server Network is in. Right now it is getting by but this increase in
load would bring it all to a screeching halt. There have been suggestions
of moving key distributution to the DNS but I seriously doubt even it
would handle the traffic.

Also what happens to the "web of trust" in such a system of high key
turnover?

Exactly how much added security is provided by all of this?? While Forward
security via DH "may" be more secure is the added expense of implementing
such a system justified?? We all could switch to using OTP's for maximum
security but I doubt that few if any would justify the cost of such a
system.

PS: current PGP key format does have a field for key expiration. Until 5.0
it was only used in the Viacrypt version.

-- 
---------------------------------------------------------------
William H. Geiger III  http://www.amaranth.com/~whgiii
Geiger Consulting    Cooking With Warp 4.0

Author of E-Secure - PGP Front End for MR/2 Ice
PGP & MR/2 the only way for secure e-mail.
OS/2 PGP 2.6.3a at: http://www.amaranth.com/~whgiii/pgpmr2.html                        
---------------------------------------------------------------

Thread