In <199710130116.CAA01032@server.test.net>, on 10/13/97 at 02, Adam Back <aba@dcs.ex.ac.uk> said:
As pgp 5.0 uses key servers directly from the mail client (and some other clients do also), this all works out because you just publish your new weekly communications key on the keyserver, and this eliminates the need for interactive communications with your recipient which true DH PFS requires. In fact I think you could do this right now, if you made it clear to others that your key has short expiry in your .signature or whatever. As I mentioned in another post David Wagner currently does just this.
Adam, Have you considered the logistical nightmare that this would cause?? I can see that you are unaware of the precarious state the current PGP Public Key Server Network is in. Right now it is getting by but this increase in load would bring it all to a screeching halt. There have been suggestions of moving key distributution to the DNS but I seriously doubt even it would handle the traffic. Also what happens to the "web of trust" in such a system of high key turnover? Exactly how much added security is provided by all of this?? While Forward security via DH "may" be more secure is the added expense of implementing such a system justified?? We all could switch to using OTP's for maximum security but I doubt that few if any would justify the cost of such a system. PS: current PGP key format does have a field for key expiration. Until 5.0 it was only used in the Viacrypt version. -- --------------------------------------------------------------- William H. Geiger III http://www.amaranth.com/~whgiii Geiger Consulting Cooking With Warp 4.0 Author of E-Secure - PGP Front End for MR/2 Ice PGP & MR/2 the only way for secure e-mail. OS/2 PGP 2.6.3a at: http://www.amaranth.com/~whgiii/pgpmr2.html ---------------------------------------------------------------