symmetric email encryption

Robert J. Hansen rjh at
Fri Jul 18 19:49:54 CEST 2014

> Symmetric keys and fingerprints have to be exchanged through a secure 
> channel only once.

Whoa, let's back that up a moment.

Fingerprints and symmetric keys need to be exchanged *as often as they
change*.  Which, in the case of symmetric keys, is quite frequently.
If/when a key is compromised, all traffic that has been generated or
will be generated with that key gets compromised, and there's no
guarantee about whether you'll know the key is compromised -- so it's
only sane to have an agreed-upon rekeying policy.  "Keys will be used
for three days tops", for instance, limits your exposure to a three-day
window, but it requires you to rekey every few days.

Key management is a killer problem.  If you don't take it dead seriously
it'll hug you and love you and name you George[*].


More information about the Gnupg-users mailing list