[#5753] Minimize lacking PGP forward secrecy with webmail
Summary Minimize lacking PGP forward secrecy with webmail
Queue Horde Base
Queue Version 3.1.4
Type Enhancement
State Accepted
Priority 2. Medium
Owners
Requester libre (at) immerda (dot) ch
Created 09/27/2007 (228 days ago)
Due 09/27/2007 (228 days ago)
Updated 09/29/2007 (226 days ago)
Assigned
Resolved
Attachments
Milestone
Patch

History
09/29/2007 horde (at) immerda (dot) ch Comment #4 Reply to this comment
> Seems to me like if people use Horde to generate their key they
> should be able to download it at least at that specific time to back
> it up - and to get a warning then about losing it, etc. But otherwise
> this seems reasonable to me. Any other thoughts/objections?

the idea with the only download possibility while generating is great. However it might be as well a good idea to give the possibility to view/download a revocation certificate and/or send  one to a keyserver (like you can do it with your public key). otherwise there might be the problem that people want to generate a new key, but can't revoke the old one.
09/29/2007 Jan Schneider Comment #3
Priority ⇒ 2. Medium
State ⇒ Accepted
Reply to this comment
Agreed.
09/28/2007 Chuck Hagenbuch Comment #2
State ⇒ Feedback
Reply to this comment
Seems to me like if people use Horde to generate their key they should be able to download it at least at that specific time to back it up - and to get a warning then about losing it, etc. But otherwise this seems reasonable to me. Any other thoughts/objections?
09/27/2007 libre (at) immerda (dot) ch Comment #1
Queue ⇒ Horde Base
State ⇒ New
Type ⇒ Enhancement
Priority ⇒ 3. High
Summary ⇒ Minimize lacking PGP forward secrecy with webmail
Due ⇒ 09/27/2007
Reply to this comment
PGP lacks forward secrecy, i.e. once a secret key with corresponding passphrase is known to an attacker, all prior and all future mails can be decrypted if intercepted. Webmail applications are especially vulnerable to keylogger (or looking over ones shoulders) attacks because they are often used in insecure environments. Horde lets you export the secret key thus one successfull attacks suffices to compromise all prios and all future mails. I therefore suggest to omit this "feature" (exporting of the secret key) in future versions.

I think, it is not really important for users to export their secret key. If they wish to have a copy on their harddisk, they should have a secure place anyway and thus probably have the possibility to generate a key pair on this system and import it into Horde afterwards. If they want to change to a local mailsystem, they should generate a new key anyway if it was possible to export the key without their knowledge beforehand.