On Sep 8, 2013, at 7:16 PM, james hughes wrote:
> Let me suggest the following. 
> 
> With RSA, a single quiet "donation" by the site and it's done. The situation 
> becomes totally passive and there is no possibility of knowing what has been
> read.  The system administrator could even do this without the executives 
> knowing.
An additional helper:  Re-keying.  Suppose you send out a new public key, 
signed with your old one, once a week.  Keep the chain of replacements posted 
publicly so that someone who hasn't connected to you in a while can confirm the 
entire sequence from the last public key he knew to the current one.  If 
someone sends you a message with an invalid key (whether it was ever actually 
valid or not - it makes no difference), you just send them an update.

An attacker *could* send out a fake update with your signature, but that would 
be detected almost immediately.  So a one-time "donation" is now good for a 
week.  Sure, the leaker can keep leaking - but the cost is now considerably
greater, and ongoing.
                                                        -- Jerry

_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
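
The weekly re-keying chain described in the message above, as an added example that is not part of the original post. The message names no signature scheme; Lamport one-time signatures over SHA-256 are swapped in here so the sketch runs on the Python standard library alone (each key signs exactly one successor). The function names and the sequence number in each update are assumptions.

```python
import hashlib, secrets

H = lambda b: hashlib.sha256(b).digest()

def keygen():
    # Lamport key: 256 pairs of secrets; the public key is their hashes.
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    pk = b"".join(H(a) + H(b) for a, b in sk)
    return sk, pk

def bits(msg):
    d = H(msg)
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

def sign(sk, msg):
    # Reveal one secret per digest bit; a key must sign only one message.
    return b"".join(sk[i][b] for i, b in enumerate(bits(msg)))

def verify(pk, msg, sig):
    if len(sig) != 32 * 256 or len(pk) != 64 * 256:
        return False
    for i, b in enumerate(bits(msg)):
        off = 64 * i + 32 * b
        if H(sig[32 * i:32 * i + 32]) != pk[off:off + 32]:
            return False
    return True

def publish_update(chain, old_sk, seq):
    """Owner: make the next key, sign (seq, new_pk) with the old key, post it."""
    new_sk, new_pk = keygen()
    chain.append((seq, new_pk, sign(old_sk, seq.to_bytes(8, "big") + new_pk)))
    return new_sk

def catch_up(last_pk, last_seq, chain):
    """Client: walk the posted chain from the last key it knew to the current one."""
    pk, seq = last_pk, last_seq
    for n, new_pk, sig in chain:
        if n <= seq:
            continue  # older than the key this client already holds
        if n != seq + 1 or not verify(pk, n.to_bytes(8, "big") + new_pk, sig):
            raise ValueError(f"chain breaks at update {n}")
        pk, seq = new_pk, n
    return pk, seq

if __name__ == "__main__":
    sk, pk0 = keygen()
    chain = []
    for week in range(1, 5):          # constructed sample: four weekly re-keys
        sk = publish_update(chain, sk, week)
    print(catch_up(pk0, 0, chain)[1])
```

A client that last saw the week-2 key calls `catch_up(week2_pk, 2, chain)` and verifies only the updates it is missing.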
