D-H Forward Secrecy for E-Mail?

Tim May tcmay at got.net
Mon Oct 13 19:17:51 PDT 1997



At 10:33 AM -0700 10/13/97, Attila T. Hun wrote:
>-----BEGIN PGP SIGNED MESSAGE-----
>
>    great idea, Tim. [total previous text follows my comments]
>
>    paraphrase of Tim's basic suggestion:
>
>        ...to consider DH session keying in real time or the latency of
>        maybe IRC, etc (several seconds?) to be able to dispose of the
>        session keys which makes subpoenas significantly more difficult.
...

Just to clarify, I am far from the first to suggest this. In fact, my
ramblings were inspired by seeing Adam Back's comments (and he was of
course not the first either to discuss the advantages of perfect forward
secrecy for e-mail).

Probably my latest ramblings have a lot to do with the posts about the
Comsec secure phone. It, of course, offers perfect forward secrecy. To wit,
if the Feds demand that I produce the keys used for a phone call I had last
week with Hugh Daniel, for example, I can honestly shrug and say "You don't
seem to understand these things."

Lots of advantages to somehow applying this to e-mail. (As Lee Tien and
others have noted, the D-H protocol can be applied to e-mail. A point cited
by Diffie and Hellman about 20 years ago. The issue is integration with
mailers, latency times, etc.)

--Tim May

The Feds have shown their hand: they want a ban on domestic cryptography
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
ComSec 3DES:   408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^2,976,221   | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."








