On Sat, Sep 05, 1998 at 07:38:09AM -0700, David Honig wrote:

At 10:25 PM 9/4/98 +0200, Zane Lewkowicz wrote:

...

I used to think that the feds would never bother to investigate the likes of us, but i've been proven wrong. So now i assume that all unencrypted mail is scanned (especially in light of ECHELON & UKUSA & such).

And all encrypted mail is archived.

And that is the rub. The real danger of key escrow type schemes lies in the future decryption under a different political and legal climate of half forgotten traffic going back years and years - stuff fetched from vast secret archives of potentially interesting encrypted messages squirelled away in the off chance that some time in the future "they" will be in possession of the key to some of it and interested in the contents. And until crypto is universally used for almost everything, saving the entirety of the 1-5% or so of email traffic that is encrypted on the presumption that it wouldn't have been encrypted if it wasn't important might be a good strategy, even if only a tiny fraction of those messages can ever be broken. And certainly saving all of the cipher email traffic from people identified by traffic analysis (group membership, corrospondance with suspicious or known bad-actor people or places, match to profiles profane and devine, etc) is really a no-brainer. The critical thing needed to protect against this chilling threat is email tools that provide perfect forward secrecy. PGP and the like do not, and capturing thus PGP messages in the hope that later on one has access to the private key is a very useful practice. DH key exchange has been around a long time, but so far the tentacles of the NSA have kept it from being a standard automatic part of sendmail, MS Exchange and qmail... Certainly one might want to enclose PGP or SMIME email messages inside the encrypted tunnel to protect privacy in storage and the "store" of store and forward mail routing, but having a secure transport tunnel in the first place forces the vacuum cleaner hose to be attached in quite different places where it is likely to be much more visible and noticed. And sure IPSEC would be nice, but simply making the ESMTP traffic between a short list of mail router programs opaque would certainly leverage a small effort with a large result whilst upgrading TCP/IP stacks and routers is a large effort... I've long heard that the NSA fills warehouses with high density tapes of cyphertext they can't break or don't want to spend the resources to break on the off chance that later on the key will be available or the information deemed truly important enough for cryptanalysis where possible. And sometimes (as in the Venona decrypts) this pays off... -- Dave Emery N1PRE, die@die.com DIE Consulting, Weston, Mass. PGP fingerprint = 2047/4D7B08D1 DE 6E E1 CC 1F 1D 96 E2 5D 27 BD B0 24 88 C3 18