rotating encryption sub keys

David Shaw dshaw at
Fri Aug 28 15:06:56 CEST 2009

On Aug 28, 2009, at 2:37 AM, Faramir wrote:

> Hash: SHA256
> David Shaw escribió:
> ...
>> Incidentally, there have been proposals to add forward security
>> extensions to OpenPGP.  See
>  As a side note, I am not sure I like these proposals...
> "Therefore when a public
>    encryption key expires, an OpenPGP client MUST securely wipe the
>    corresponding private key [4]."
>  What if I want to be able to decrypt an old email message? If my
> encryption key was compromised, and my messages were sniffed, I get no
> advantage in deleting my copy of the key and the messages, the  
> attacker
> has his own copy of them, and surely won't delete them.

The idea of PFS is not one that works for all situations.  For those  
that do want PFS semantics, the draft merely shows how to do it in the  
context of OpenPGP.  Nobody is required to do this.  It's strictly opt- 

Not being able to decrypt an old message when using PFS is a feature,  
not a bug.


More information about the Gnupg-users mailing list