-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Aug 29, 2013, at 3:43 AM, Jerry Leichter <[email protected]> wrote:
> - If I need to change because the private key was compromised, there's
> nothing I can do about past messages; the question is what I do to minimize
> the number of new messages that will arrive with a now-known-insecure key.
> This was the case I assumed the previous poster was concerned with.
Personally, I think you shouldn't worry about this.
The real sin is getting an attachment to a key. You are much better off
developing a philosophy of key management in which you use it and then get rid
of it regularly.
If you do this reasonably well, it reduces the chance that a key will get
compromised because its aegis, footprint, shadow, etc. is small. It also
reduces the effect because most likely it takes more time to break the key than
its lifetime; I consider hacking the key, stealing it, etc. to be a form of
breaking. Stealing a key through a 'sploit is also cryptanalysis.
Be Buddist about your keys and have no attachments. (This is also a good
philosophy about mail, but that's a different discussion.)
> - As I outlined things, there was never a reason you couldn't have multiple
> public keys, and in fact it would be a good idea to make traffic analysis
> harder. Adding a new key for "a new facet of your electronic life" is
> trivial.
That's a fine step to a good attitude, but the effect on traffic analysis will
be small or close to nil. Traffic analysis includes social graph analysis and
any good social graph analysis will include probabilities that an entity will
have different personae. Keys are just masks, too, just like a persona.
Jon
-----BEGIN PGP SIGNATURE-----
Version: PGP Universal 3.2.0 (Build 1672)
Charset: us-ascii
wj8DBQFSIC5MsTedWZOD3gYRAmpmAJ0UJ7K9GWo9FLSa8HR1CmSbWRZcgQCgkuif
rbTWOi5eHdxNpRzQ9VkqDBY=
=PpOZ
-----END PGP SIGNATURE-----
_______________________________________________
The cryptography mailing list
[email protected]
http://www.metzdowd.com/mailman/listinfo/cryptography
