On Thu, Sep 26, 2013 at 10:40 PM, Carl Wallace <[email protected]> wrote:
>
> From: Phillip Hallam-Baker <[email protected]>
> Date: Thursday, September 26, 2013 8:12 PM
> To: <[email protected]>
> Cc: SM <[email protected]>, perpass <[email protected]>, Bjoern Hoehrmann <[email protected]>
> Subject: Re: [perpass] A proposal for developing PRISM-Proof email
>
>
> Another would be to get an EV cert and use that to endorse EE certs as
> legit. Consumers are not going to want to spend that sort of money but it
> is probably the cheapest solution for an enterprise.
>
>
> Another would be to encrypt using multiple keys for each recipient. This
> could help with the multiple device problem. The set of keys used could
> include a key for a filter if desired.
>

I came to the exact opposite conclusion, that the decryption key needs to be shared across every device and with no predetermined expiry.

You have no idea which of the devices I use that I might read your email on. I have 2 desktops, 2 iPhones, one iPad and 3 laptops in regular use. And that is just the ones that I consider essential. The set of devices changes at least once a year. The MacBook typically lasts about 6 months between visits to Apple customer service.

There is no security advantage to having mail sent to me encrypted under a different key per device. There is however an advantage to having mail signed under a different key per device and not sharing those across devices.

--
Website: http://hallambaker.com/
