17 Dec 2003, 5:17 p.m.
But I leave nearly all PGP-encrypted messages to me in encrypted form, using the "decrypt to screen" option. So communicated and stored messages are largely the same.

This is exactly the situation I referred to yesterday. It's extremely common, I suspect. Tim does it, I do it, and I've no reason to believe that most people do it differently.

Keeping the messages around encrypted with your private key does _not_ have forward secrecy. Forward secrecy is a valuable property, and it behooves us to think about how to achieve it.

Eric