| Summary | Minimize lacking PGP forward secrecy with webmail |
| Queue | Horde Base |
| Queue Version | 3.1.4 |
| Type | Enhancement |
| State | Accepted |
| Priority | 2. Medium |
| Owners | |
| Requester | libre (at) immerda (dot) ch |
| Created | 09/27/2007 (228 days ago) |
| Due | 09/27/2007 (228 days ago) |
| Updated | 09/29/2007 (226 days ago) |
| Assigned | |
| Resolved | |
| Attachments | |
| Milestone | |
| Patch |
> Seems to me like if people use Horde to generate their key they
> should be able to download it at least at that specific time to back
> it up - and to get a warning then about losing it, etc. But otherwise
> this seems reasonable to me. Any other thoughts/objections?
the idea with the only download possibility while generating is great. However it might be as well a good idea to give the possibility to view/download a revocation certificate and/or send one to a keyserver (like you can do it with your public key). otherwise there might be the problem that people want to generate a new key, but can't revoke the old one.
Priority ⇒ 2. Medium
State ⇒ Accepted
Agreed.State ⇒ Feedback
Seems to me like if people use Horde to generate their key they should be able to download it at least at that specific time to back it up - and to get a warning then about losing it, etc. But otherwise this seems reasonable to me. Any other thoughts/objections?Queue ⇒ Horde Base
State ⇒ New
Type ⇒ Enhancement
Priority ⇒ 3. High
Summary ⇒ Minimize lacking PGP forward secrecy with webmail
Due ⇒ 09/27/2007
PGP lacks forward secrecy, i.e. once a secret key with corresponding passphrase is known to an attacker, all prior and all future mails can be decrypted if intercepted. Webmail applications are especially vulnerable to keylogger (or looking over ones shoulders) attacks because they are often used in insecure environments. Horde lets you export the secret key thus one successfull attacks suffices to compromise all prios and all future mails. I therefore suggest to omit this "feature" (exporting of the secret key) in future versions.
I think, it is not really important for users to export their secret key. If they wish to have a copy on their harddisk, they should have a secure place anyway and thus probably have the possibility to generate a key pair on this system and import it into Horde afterwards. If they want to change to a local mailsystem, they should generate a new key anyway if it was possible to export the key without their knowledge beforehand.