[cryptography] Forward Secrecy Extensions for OpenPGP: Is this still a good proposal?

Adam Back adam at cypherspace.org
Tue Sep 10 16:09:26 EDT 2013

You know coincidentally we (the three authors of that paper) were just
talking about that very topic in off-list (and PGP encrypted:) email.

I remain keen on forward-secrecy, and it does seem to be in fashion again
right now.

Personally I think we in the open community need to up our game an order of
magnitude.  We thought we won the last crypto wars when mandatory key escrow
was abandoned, and US crypto export regs basically scrapped.  But it turns
out instead they just went underground and sabotaged everything they could
gain influence over with a $250m/year black budget and limited regard for
law, ethics and human rights.  Apparently including SSL MITMs using CAs

You've got to think (NSA claims to be the biggest employer of
mathematicians) that seeing the illegal activities the US has been getting
up to with the fruits of their labour that they may have a mathematician
retention or motivation problem on their hands.  Who wants their life's work
to be a small part in the secret and illegal creation of a surveillance
state, with a real risk of creating the environment for a hard to recover
fascist political regime over the next century if the events allow even
worse governments to get in that further overthrow democratic pretense.

How about this for another idea, go for TLS 2.0 that combines ToR and TLS,
and deprecate HTTP (non TLS) and TLS 1.x and SSL.  Every web server a ToR
node, every server an encrypted web cache, many browsers a ToR node.

Do something to up the game, not just blunder along reacting and failing
year on year to deploy fixes for glaring holes.


On Tue, Sep 10, 2013 at 08:35:08PM +0200, Fabio Pietrosanti (naif) wrote:
>Hi all,
>i just read about this internet draft "Forward Secrecy Extensions for
>OpenPGP" available at
>http://tools.ietf.org/html/draft-brown-pgp-pfs-03 .
>Is it a still good proposal?
>Should it be revamped as an actual improvement of currently existing use
>of OpenPGP technology?

More information about the cryptography mailing list