[messaging] libforwardsec: forward secure encryption for email and asynchronous messaging

Ian Goldberg ian at cypherpunks.ca
Sat Sep 5 12:28:16 PDT 2015


Overall, a very nice scheme, and it's great you're producing
production-quality code for it!

There's still the potential issue I asked about at the end of your
Oakland talk, though: the forward secrecy only kicks in if the intended
recipient actually _receives_ the original message, which is a slightly
different property than "traditional" forward secrecy.  If the TLA
(three-letter agency) doesn't just snoop the message, but actually
intercepts (blocks) it, they can come a-knocking an arbitrary(*) time
later to the intended recipient to compel the key that will decrypt it.

(*) Up to when you _do_ decide to delete old keys, which is when you
give up on any messages that arrive late/desynchronized.

   - Ian (not that one)
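
The property raised in the message above, as an added toy model that is not part of the original post and is not libforwardsec's code or API: a symmetric GGM-tree puncturable PRF stands in for the library's public-key scheme, with the key update on receipt modelled as a puncture. The 8-bit tags, the seed, and all class and function names are constructed for illustration.

```python
import hashlib, hmac

DEPTH = 8  # constructed: 8-bit message tags

def _child(seed, bit):
    return hmac.new(seed, bytes([bit]), hashlib.sha256).digest()
def _bits(tag):
    return tuple((tag >> (DEPTH - 1 - i)) & 1 for i in range(DEPTH))

class RecipientKey:
    """Toy puncturable key: GGM subtree seeds indexed by tag-bit prefix."""
    def __init__(self, root_seed):
        self.nodes = {(): root_seed}

    def _covering(self, bits):  # at most one stored prefix covers any tag
        return next((bits[:n] for n in range(DEPTH + 1) if bits[:n] in self.nodes), None)

    def derive(self, tag):
        bits = _bits(tag)
        prefix = self._covering(bits)
        if prefix is None:
            return None  # punctured or deleted: key is unrecoverable
        seed = self.nodes[prefix]
        for b in bits[len(prefix):]:
            seed = _child(seed, b)
        return seed

    def puncture(self, tag):
        # On receipt: keep only sibling seeds along the path to this tag.
        bits = _bits(tag)
        prefix = self._covering(bits)
        if prefix is None: return
        seed = self.nodes.pop(prefix)
        for b in bits[len(prefix):]:
            self.nodes[prefix + (1 - b,)] = _child(seed, 1 - b)
            seed, prefix = _child(seed, b), prefix + (b,)

    def delete_interval(self):  # giving up on late messages for this period
        self.nodes.clear()

def compelled_exposure():
    root = hashlib.sha256(b"constructed root seed").digest()
    sender = RecipientKey(root)  # stands in for encrypting to the public key
    rcpt = RecipientKey(root)
    delivered, blocked = 0x2A, 0x2B
    rcpt.puncture(delivered)  # 0x2A arrived; 0x2B was intercepted, never seen
    at_compulsion = (rcpt.derive(delivered) == sender.derive(delivered),
                     rcpt.derive(blocked) == sender.derive(blocked))
    rcpt.delete_interval()
    return at_compulsion, rcpt.derive(blocked) == sender.derive(blocked)
```

`compelled_exposure()` returns `((False, True), False)`: key state handed over after the delivered message was processed cannot decrypt it, but it still decrypts the blocked one until the old keys are deleted.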

