On 13.03.2014 17:39, Daniel Kahn Gillmor wrote:
>
> what is the advantage of this approach? what threat are you trying
> to defend against?
>
> I'll work from the assumption that you are worried that an
> attacker might compromise one of your machines, copy that machine's
> decryption key, and then use its key to decrypt messages that had
> been sent prior to the compromise.
>
> In this case, having your recipients encrypt every message to all
> three keys is *exactly* as risky as having a single key shared
> across all machines -- a compromise of any one of the machines
> results in a decryption of all messages.
>
One use case would be, if you use portable Thunderbird, only those encrypted messages get compromised which can be decrypted by the local key and which were composed in a certain time-frame.

On my side, I still can read messages friends send me, which are only encrypted to e.g. make mass surveillance harder. But they don't have actual "important" content. On the other side, those friends of mine who are more worried about the topic in general know how to only use my safer key.

So the basic idea is, I'm always reachable via encryption, but for insecure devices I have a short living key which I can change frequently, while I still have a long term key out there which can be more trusted.

I don't know if this makes much sense or if there are better ways. Or maybe that's a stupid problem to think about at all. I just thought about using gpg for multiple devices (especially insecure mobile ones) and approaches to increase the security. And now I want to see what is technically possible and if there is a solution to it. If not, maybe someone at least also starts thinking about the problem and comes up with a good solution.

Martin

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users