[146878] in cryptography@c2.net mail archive
Re: [Cryptography] In the face of "cooperative" end-points,
daemon@ATHENA.MIT.EDU (Jerry Leichter)
Sun Sep 8 23:56:01 2013
X-Original-To: cryptography@metzdowd.com
From: Jerry Leichter <leichter@lrw.com>
In-Reply-To: <586F8E09-1A19-4234-8470-ACE221CF6A99@mac.com>
Date: Sun, 8 Sep 2013 22:39:54 -0400
To: james hughes <hughejp@mac.com>
Cc: "Marcus D. Leech" <mleech@ripnet.com>,
"cryptography@metzdowd.com" <cryptography@metzdowd.com>
On Sep 8, 2013, at 7:16 PM, james hughes wrote:
> Let me suggest the following.
>
> With RSA, a single quiet "donation" by the site and it's done. The situation becomes totally passive and there is no possibility of knowing what has been read. The system administrator could even do this without the executives knowing.
An additional helper: Re-keying. Suppose you send out a new public key, signed with your old one, once a week. Keep the chain of replacements posted publicly so that someone who hasn't connected to you in a while can confirm the entire sequence from the last public key he knew to the current one. If someone sends you a message with an invalid key (whether it was ever actually valid or not - it makes no difference), you just send them an update.
An attacker *could* send out a fake update with your signature, but that would be detected almost immediately. So a one-time "donation" is now good for a week. Sure, the leaker can keep leaking - but the cost is now considerably greater, and ongoing.
-- Jerry
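The weekly re-keying chain Jerry describes, as an added Go example that is not part of the original thread: each posted link is the new public key plus a sequence number, signed by the previous key (a format assumed here, with Ed25519 standing in for RSA), and a correspondent walks the chain from the last key he knew to the current one, accepting a link only if the key he already trusts signed it.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"encoding/binary"
	"fmt"
)

// Rotation is one posted link: the old key signs (seq || new key). Constructed format.
type Rotation struct {
	Seq      uint64
	Old, New ed25519.PublicKey
	Sig      []byte
}

func rotationMsg(seq uint64, newPub ed25519.PublicKey) []byte {
	buf := make([]byte, 8, 8+len(newPub))
	binary.BigEndian.PutUint64(buf, seq)
	return append(buf, newPub...)
}

// SignRotation is the site's side: announce newPub under the key it still holds.
func SignRotation(oldPriv ed25519.PrivateKey, newPub ed25519.PublicKey, seq uint64) Rotation {
	return Rotation{Seq: seq, Old: oldPriv.Public().(ed25519.PublicKey), New: newPub,
		Sig: ed25519.Sign(oldPriv, rotationMsg(seq, newPub))}
}

// VerifyChain is the correspondent's side: from the last key it trusts, accept a link
// only if that key signed it and the sequence number advances; return the current key.
func VerifyChain(lastKnown ed25519.PublicKey, chain []Rotation) (ed25519.PublicKey, error) {
	cur, seq, found := lastKnown, uint64(0), false
	for _, r := range chain {
		if !bytes.Equal(r.Old, cur) {
			if found {
				return nil, fmt.Errorf("link %d: previous key does not match", r.Seq)
			}
			continue // older than the key we already hold
		}
		if (found && r.Seq <= seq) || !ed25519.Verify(cur, rotationMsg(r.Seq, r.New), r.Sig) {
			return nil, fmt.Errorf("link %d: bad sequence number or signature", r.Seq)
		}
		cur, seq, found = r.New, r.Seq, true
	}
	// Not finding lastKnown is fine only if it is already the chain's newest key.
	if !found && !(len(chain) > 0 && bytes.Equal(chain[len(chain)-1].New, lastKnown)) {
		return nil, fmt.Errorf("last known key does not appear in the chain")
	}
	return cur, nil
}
```

A fake update signed by anyone but the current key fails the signature check, and a replayed or out-of-sequence link fails the continuity check, which is the "detected almost immediately" property.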
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography