rotating encryption sub keys

David Shaw dshaw at jabberwocky.com
Fri Aug 28 15:06:56 CEST 2009


On Aug 28, 2009, at 2:37 AM, Faramir wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> David Shaw wrote:
> ...
>> Incidentally, there have been proposals to add forward security
>> extensions to OpenPGP.  See http://www.apache-ssl.org/openpgp-pfs.txt
>
>  As a side note, I am not sure I like these proposals...
>
> "Therefore when a public
>    encryption key expires, an OpenPGP client MUST securely wipe the
>    corresponding private key [4]."
>
>  What if I want to be able to decrypt an old email message? If my
> encryption key was compromised, and my messages were sniffed, I get no
> advantage in deleting my copy of the key and the messages, the attacker
> has his own copy of them, and surely won't delete them.

The idea of PFS is not one that works for all situations.  For those
that do want PFS semantics, the draft merely shows how to do it in the
context of OpenPGP.  Nobody is required to do this.  It's strictly
opt-in.

Not being able to decrypt an old message when using PFS is a feature,
not a bug.

David




More information about the Gnupg-users mailing list