<table cellspacing="0" cellpadding="0" border="0"><tr><td valign="top"><div id='yahoo__compose_area' style="background-color:white; display:block; font-family:HelveticaNeue-Regular,Helvetica;">Again, this is intended to guard against a very specific sort of attack that is not considered by Dolev-Yao-like threat models. <div><br></div><div>It is, however, a realistic attack: It includes cases where, e.g., an adversary hacks into a server storing encrypted email (where headers are encrypted) and attempts to reconstruct communication network information. </div><div><br></div><div>(This information is extremely useful for APT-like attackers: It gives them, e.g., targeting information for spear-phishing.)<br><br><br>- dlg<br>Y!-e2e</div></div><div id='yahoo__original_message' class='yQTDBase'><br><blockquote style="margin:0 0 0 .8ex; border-left:1px #ccc solid; padding-left:1ex; ">At Jan 18, 2015, 7:58:51 PM, steve@actor.im<'steve@actor.im'> wrote:<div>What's
the point of reencryption? We still has messages that encrypted by the old key and we can try to crack old key (by brute force, for ex), so we can keep only new messages safe.</div><div> </div><div>19.01.2015, 03:55, "David Gil" <dgil@yahoo-inc.com>:</div><div class="yQTDBase yqt7284829075" id="yqt08227"><blockquote type="cite"><div><div style="color:#000;background-color:#fff;font-family:HelveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif;font-size:13px;"><div><span>Re-encryption by clients is essential. Anything else does not preserve any of the useful security properties of PFS.</span></div><div><span> </span></div><div><span>In particular, if the sender and recipient store the same thing, it is later possible for an attacker to discover -- purely from the encrypted messages -- whether users have exchanged messages.</span></div><div><span> </span></div><div>Symmetric keys are short: it's feasible to use per-message keys in most
situations. (And this it the simplest to implement thing.)</div><div> </div><div> </div><div><div>- dlg </div></div><div><br clear="none"><br clear="none"></div><div style="display:block;"><div style="font-family:HelveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif;font-size:13px;"><div style="font-family:HelveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif;font-size:16px;"><div><font face="Arial" size="2"> On Sunday, January 18, 2015 3:51 PM, "<a rel="nofollow" shape="rect" ymailto="mailto:steve@actor.im" target="_blank" href="javascript:return">steve@actor.im</a>" <<a rel="nofollow" shape="rect" ymailto="mailto:steve@actor.im" target="_blank" href="javascript:return">steve@actor.im</a>> wrote:<br clear="none"> </font></div><br clear="none"><br clear="none"><div><div><div><div>Re-encrypt and upload all messages? Seems to be weird for mobile world. And i don't understand how re-encrypting help to preserve PFS,
we still has only one single long-term key for everything and it must be enough to decrypt messages.</div><div> </div><div>15.01.2015, 12:06, "Natanael" <<a rel="nofollow" shape="rect" ymailto="mailto:natanael.l@gmail.com" target="_blank" href="javascript:return">natanael.l@gmail.com</a>>:</div><div><blockquote type="cite"><div><br clear="none"> Den 15 jan 2015 03:47 skrev <<a rel="nofollow" shape="rect" ymailto="mailto:steve@actor.im" target="_blank" href="javascript:return">steve@actor.im</a>>:<br clear="none"> ><br clear="none"> > Hi everyone,<br clear="none"> ><br clear="none"> > Are there some best practices for keeping all encrypted message history securely on server or on client for accessing them later with single hardware or software key like ubikey?</div><div>To preserve PFS, let the client re-encrypt and upload. The client cloud sign or MAC the ciphertext to prevent modification.</div></blockquote></div><div> </div><div> </div><div>--
</div><div>Steve K,</div><div>CEO Actor.im</div><div> </div></div></div><br clear="none"><div>_______________________________________________<br clear="none">Messaging mailing list<br clear="none"><a rel="nofollow" shape="rect" ymailto="mailto:Messaging@moderncrypto.org" target="_blank" href="javascript:return">Messaging@moderncrypto.org</a><br clear="none"><a rel="nofollow" shape="rect" target="_blank" href="https://moderncrypto.org/mailman/listinfo/messaging">https://moderncrypto.org/mailman/listinfo/messaging</a></div><br clear="none"><br clear="none"></div></div></div></div></div></div></blockquote></div><div> </div><div> </div><div>-- </div><div>Steve K,</div><div>CEO Actor.im</div><div> </div><div></div></blockquote></div></html></td></tr></table>