-----BEGIN PGP SIGNED MESSAGE-----

[To: perry@piermont.com]
[cc: cypherpunks@toad.com]
[Subject: Re: Remailer passphrases ]
[In-reply-to: Your message of Tue, 12 Mar 96 14:51:47 EST.]
             <199603121951.OAA02237@jekyll.piermont.com>

"Perry E. Metzger" <perry@piermont.com> enscribed:
> Bill Frantz writes:
>> One of the reasons classical (government) crypto users change keys frequently is to minimize the amount of data compromised by a broken key. We keep hearing about NSA decrypting 20 year old cyphertext and showing more of the workings of the atomic spy rings operating in the 40s and 50s. If an opponent can rubber hose the key, her job is easy. If she has to perform cryptanalysis, it is much harder. Remailers should regularly change their keys to avoid compromising previously recorded traffic. (They can have a long lived key for signing their traffic keys.)
>
> Signed Diffie-Hellman key exchanges have the property known as "Perfect Forward Secrecy". Even if the opponent gets your public keys it still will not decrypt any traffic for him at all -- it just lets him pretend to be you. That's one reason why protocols like Photuris and Oakley use the technique.

True, but when the problem at hand is sending mail to a remailer, the technique is of little or no value, since there is no initial exchange, right? So this is a misleading argument. At least it is related to cryptography and The Cypherpunk Agenda(tm)!

Chris McAuliffe <cmca@alpha.c2.org> (No, not that one.)

-----BEGIN PGP SIGNATURE-----
Version: 2.6

iQCVAwUBMUX9UIHskC9sh/+lAQGItwP+IfITBi+LUAcV9O1w6071zvmNaDQNC5nG
OVe34+h5kKDyBnb2bLuVX5zEtuS56tiE0mgEaD5nevoRLijW1qqCRAsxi9/pfKcp
tjWzU1qbUptkJn8LBZPzFXGsXuHh6cF/W1Zk1q+81KURRkH0glYI2u0HY740YF7J
dxidEBZRQKc=
=8F6m
-----END PGP SIGNATURE-----
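
An added illustration of the trade-off discussed in this thread, not part of the original message: with no exchange, a sender can only encrypt one-way to the remailer's published traffic key, so previously recorded traffic is protected only if that key is rotated and destroyed, while a long-lived key is used solely to sign traffic keys. The group, the SHA-256 keystream, the Schnorr-style signature and all function names are assumptions chosen to run on the Python standard library; the parameters are toy-sized and not secure.

```python
# Added example: toy parameters, NOT secure; all names are illustrative.
import hashlib, secrets

P = 2**255 - 19  # prime modulus of a toy multiplicative group (assumption)
G = 2

def keygen():
    priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)

def _h(*parts):
    return int.from_bytes(hashlib.sha256(b"".join(parts)).digest(), "big")
def _b(n):
    return n.to_bytes(32, "big")

def _xor(shared, data):
    # Keystream = SHA-256(shared || counter); XOR both encrypts and decrypts.
    ks = b"".join(hashlib.sha256(_b(shared) + _b(i)).digest()
                  for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, ks))

def seal(traffic_pub, msg):
    # One-way: no exchange with the remailer, so only the sender's half is ephemeral.
    eph_priv, eph_pub = keygen()
    return eph_pub, _xor(pow(traffic_pub, eph_priv, P), msg)

def unseal(traffic_priv, sealed):
    eph_pub, ct = sealed
    return _xor(pow(eph_pub, traffic_priv, P), ct)

def sign(priv, msg):
    k, r = keygen()
    return r, (k + priv * _h(_b(r), msg)) % (P - 1)

def verify(pub, msg, sig):
    r, s = sig
    return pow(G, s, P) == r * pow(pub, _h(_b(r), msg), P) % P

def scenario(msg=b"constructed sample message"):
    sign_priv, sign_pub = keygen()            # long-lived, signs traffic keys only
    old_priv, old_pub = keygen()              # traffic key for period 1
    cert_ok = verify(sign_pub, _b(old_pub), sign(sign_priv, _b(old_pub)))
    recorded = seal(old_pub, msg)             # eavesdropper stores this ciphertext
    delivered = unseal(old_priv, recorded)    # remailer processes it in period 1
    del old_priv                              # rotation destroys the old traffic key
    new_priv, _ = keygen()                    # traffic key for period 2
    # Later compromise yields only the keys that still exist.
    seized = [unseal(k, recorded) for k in (sign_priv, new_priv)]
    return cert_ok, delivered, seized
```

`scenario()` returns whether the traffic key's signature verified, the plaintext the remailer recovered during period 1, and what the recorded ciphertext yields under the keys that remain after rotation.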