don't use encrypt to self (Re: legislating the impossible?)
David Parkinson
dparkins at alien.bt.co.uk
Mon, 06 Jul 1998 14:24:02 +0100
At 10:53 06/07/98 +0100, Ian Brown wrote:
>If you send me a message encrypted to me and you, and I leave the
>ciphertext on my disk thinking it's only accessible by me, I'm wrong.
>It is as vulnerable to compromise of your key as it is mine.
True. In fact if you're in small collaboration group the problem is
multiplied by the number of members - but key compromise is only
one of many threats.
>> I'll admit it does send another copy of the session key,
>> but this has been encrypted with _your_ public key. Is this really
>> a problem?
>
>Yes, because the DTI now has two people it can subpoena rather than one.
Just because you protect the information some other way does not reduce
the targets by one - the only way that you're safe against a subpoena
is by not retaining any record of the email at all. (If you're not
retaining any local record of what you send then "encrypt to self"
would not be turned on anyway).
Adam Back wrote:
>Lets state that more clearly: if people who have long term encryption
>keys (lifetime: years, to decades) send me messages encrypted with
>`encrypt to self' it removes the security I obtain by having short
>lived encryption keys (on those messages).
I'm not too sure I fully agree with that. The long term security of
all messages lies in the hands of both the sender and the recipient(s).
Key compromise is only _one_ way in which that information can leak.
There are many other things that the sender can do (or not do!) to
undermine the protection you apply to that message. Certainly it
reduces the security, but removes it (bearing in mind what else might
go wrong?).
David