Ileana: > Hello, > > I am curious if there is a built-in or optional way to do a > diffie-hellman key exchange over PGP encrypted email. Such that > subsequent emails could be forward secret? > > Is there some program already out there that each party can use to > generate ascii cut and paste primes and factors? It seems like it > would be a simple program to write. > > Is there any plans to encorporate such functionality in to GNUPG? > > Thanks, > > Ileana
I find that interesting. It's sad, that gnupg doesn't have forward secrecy. Have you found this already? forward secrecy Forward Secrecy Extensions for OpenPGP, Brown, Back, Laurie (how to add forward-secrecy to OpenPGP -- forward-secrecy makes it harder for someone to obtain your private key -- because the private keys are deleted as soon as practical after use). http://www.cypherspace.org/openpgp/pfs/openpgp-pfs.txt It would be interesting to know what the state of that is and awesome if you push that idea forward. And alternatively, if adding forward secrecy to GPG fails, have you thought about applying OTR for e-mail? That way looks even more attractive to me. If you can break down OTR for e-mail as simple as "let's meet and compare our fingerprints", that'd be awesome. There could be issues, but perhaps nothing you can't solve. As far I understand OTR is more designed for low latency, but I don't see why it couldn't be tweaked. Only the dh key exchange happens with low latency? You could add one button "new session" (or so) and another one "End this Subject". With each new subject, use another dh key. And with each new subject, prepare one, two or a few dh keys (in e-mail text or header, hidden from user). Of course it requires more thought. Might be useful to propose it on the OTR list in case you find that interesting. _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users