Bill Stewart wrote:
I don't understand the threat model here. The usual models are
- Recipient's Computer Disk automatically backed up to optical storage at night
- No sense subpoenaing cyphertext when you can subpoena plaintext.
In terms of threats actually seen in the real world
leading to costs, etc, I would have thought that the
subpoena / civil / criminal case would be the largest.
In this case, the threat might be something like:
- Recipient forwards plaintext to someone who
forwards it to someone who is a threat, where
the number of links between Recipient and Threat
are from 0 to many. Zero means, one year later,
Recipient becomes threat.
- Hard for the sender to detect and work around.
- Could be mitigated by contract provisions,
such as email clients that automatically
attach "Confidential" tags on or otherwise
arrange for emails to be excepted from civil
- Could the email clients use digsigs to
evidence entry into confidential comms?
As this threat is real, persistent and growing in
popularity, the obsession of perfectly covering more
crypto-savvy threats seems .. unbalanced?
----- BEGIN PGP SIGNED MESSAGE
Alice - I've sent you an encrypted message at
This URL will self-destruct in 5 business days.
----- END PGP SIGNED MESSAGE
Ahhhh, now if one could implement a message that self-
destructed on the recipient's machine, that would
start to improve security against the above outlined
threat. I've toyed with the notion of integrating
contracts negotiation into clients, such that mailers
automatically delete messages agreed earlier to have
But, it seems that even in the chat world, there are
vast numbers of people that routinely save every chat
message / session. So it needs to be an advisory
negotiation only. Hence, my thought that if we could
add a contract / in-confidence / without prejudice
label on the message, even if the recipient kept a
copy (via override) then at least it could be locked
out of civil court proceedings *.
* In some sense or other, if the term "WITHOUT
PREJUDICE" is put on correspondence, that makes it
confidential and protects it from being brought in
to civil proceedings. Normal IANAL caveats apply.
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]