5.2.0-git
04/18/2014

[#5753] Minimize lacking PGP forward secrecy with webmail
Summary Minimize lacking PGP forward secrecy with webmail
Queue IMP
Queue Version Git master
Type Enhancement
State Stalled
Priority 1. Low
Owners
Requester libre (at) immerda (dot) ch
Created 09/27/2007 (2395 days ago)
Due
Updated 11/13/2013 (156 days ago)
Assigned
Resolved 11/13/2013 (156 days ago)
Milestone
Patch No

History
11/13/2013 04:43:55 AM Michael Slusarz Comment #5
Version ⇒ Git master
Priority ⇒ 1. Low
State ⇒ Stalled
Reply to this comment
See #7375.  Simply put - it is impossible to generate revocation 
certificates from within PHP.  So that's not possible.

As such, it doesn't make much sense to not allow downloading of the 
key after creation.  It would be a giant PITA to generate the key and 
forward to the keyserver, without the ability to alter this later.

It comes down to the amount of trust one has.  If they are not 
comfortable or are afraid of clickjacking, then don't use webmail to 
send PGP messages.  But clickjacking is just as much of a thread on a 
console or an OS, so that can't be the controlling concern.
11/16/2008 04:47:08 PM Chuck Hagenbuch Queue ⇒ IMP
Version ⇒ HEAD
 
09/29/2007 02:16:11 PM horde (at) immerda (dot) ch Comment #4 Reply to this comment
Seems to me like if people use Horde to generate their key they
should be able to download it at least at that specific time to back
it up - and to get a warning then about losing it, etc. But otherwise
this seems reasonable to me. Any other thoughts/objections?
the idea with the only download possibility while generating is great. 
However it might be as well a good idea to give the possibility to 
view/download a revocation certificate and/or send  one to a keyserver 
(like you can do it with your public key). otherwise there might be 
the problem that people want to generate a new key, but can't revoke 
the old one.
09/29/2007 08:26:37 AM Jan Schneider Comment #3
Priority ⇒ 2. Medium
State ⇒ Accepted
Reply to this comment
Agreed.
09/29/2007 02:54:13 AM Chuck Hagenbuch Comment #2
State ⇒ Feedback
Reply to this comment
Seems to me like if people use Horde to generate their key they should 
be able to download it at least at that specific time to back it up - 
and to get a warning then about losing it, etc. But otherwise this 
seems reasonable to me. Any other thoughts/objections?
09/27/2007 04:00:28 PM libre (at) immerda (dot) ch Comment #1
State ⇒ New
Priority ⇒ 3. High
Type ⇒ Enhancement
Summary ⇒ Minimize lacking PGP forward secrecy with webmail
Due ⇒ 09/28/2007
Queue ⇒ Horde Base
Reply to this comment
PGP lacks forward secrecy, i.e. once a secret key with corresponding 
passphrase is known to an attacker, all prior and all future mails can 
be decrypted if intercepted. Webmail applications are especially 
vulnerable to keylogger (or looking over ones shoulders) attacks 
because they are often used in insecure environments. Horde lets you 
export the secret key thus one successfull attacks suffices to 
compromise all prios and all future mails. I therefore suggest to omit 
this "feature" (exporting of the secret key) in future versions.



I think, it is not really important for users to export their secret 
key. If they wish to have a copy on their harddisk, they should have a 
secure place anyway and thus probably have the possibility to generate 
a key pair on this system and import it into Horde afterwards. If they 
want to change to a local mailsystem, they should generate a new key 
anyway if it was possible to export the key without their knowledge 
beforehand.