<html><body><span class="xfm_41845472">Another approach with proposed scheme:<br/>receiver can punctures decryption key regularly with known time-period. So sender can manages PFS himself: send message with "best before" life-time (while receiver still viable and honest of course). This can be useful in some cases.<br/><br/></span><img src="https://mail.ukr.net/api/public/message_read?a=gKmgv9dJOFKr1qfkfopsNCLgDtI_E83rVVFOfbXKJRCpdSxNt5WL_vBmkaGOcFv9xXRtWaid46LYmeQ0bqNoVQxfa0ZB4xCsxIRrcxgxFg==" alt="" width="1" height="1" style="visibility: hidden; width: 1px; height: 1px;"/> </body></html>