<?xml version="1.0" encoding="ISO-8859-1"?>
<?xml-stylesheet href="http://bugs.horde.org/themes/feed-rss.xsl" type="text/xsl"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
 <channel>
  <title>Minimize lacking PGP forward secrecy with webmail</title>
  <pubDate>Sun, 07 Sep 2008 04:01:06 -0400</pubDate>
  <link>http://bugs.horde.org/ticket/5753</link>
  <atom:link rel="self" type="application/rss+xml" title="Minimize lacking PGP forward secrecy with webmail" href="http://bugs.horde.org/ticket/5753/rss" />
  <description>Minimize lacking PGP forward secrecy with webmail</description>

  
  
  <item>
   <title>PGP lacks forward secrecy, i.e. once a secret key with corre</title>
   <description>PGP lacks forward secrecy, i.e. once a secret key with corresponding passphrase is known to an attacker, all prior and all future mails can be decrypted if intercepted. Webmail applications are especially vulnerable to keylogger (or looking over one's shoulder) attacks because they are often used in insecure environments. Horde lets you export the secret key, thus one successful attack suffices to compromise all prior and all future mails. I therefore suggest omitting this &quot;feature&quot; (exporting of the secret key) in future versions.

I think it is not really important for users to export their secret key. If they wish to have a copy on their hard disk, they should have a secure place anyway and thus probably have the possibility to generate a key pair on this system and import it into Horde afterwards. If they want to change to a local mail system, they should generate a new key anyway if it was possible to export the key without their knowledge beforehand.</description>
   <pubDate>Thu, 27 Sep 2007 12:00:28 -0400</pubDate>
   <link>http://bugs.horde.org/ticket/5753#t37133</link>
  </item>
  <item>
   <title>Seems to me like if people use Horde to generate their key t</title>
   <description>Seems to me like if people use Horde to generate their key they should be able to download it at least at that specific time to back it up - and to get a warning then about losing it, etc. But otherwise this seems reasonable to me. Any other thoughts/objections?</description>
   <pubDate>Fri, 28 Sep 2007 22:54:13 -0400</pubDate>
   <link>http://bugs.horde.org/ticket/5753#t37192</link>
  </item>
  <item>
   <title>Agreed.</title>
   <description>Agreed.</description>
   <pubDate>Sat, 29 Sep 2007 04:26:37 -0400</pubDate>
   <link>http://bugs.horde.org/ticket/5753#t37218</link>
  </item>
  <item>
   <title>&gt; Seems to me like if people use Horde to generate their key</title>
   <description>&gt; Seems to me like if people use Horde to generate their key they 
&gt; should be able to download it at least at that specific time to back 
&gt; it up - and to get a warning then about losing it, etc. But otherwise 
&gt; this seems reasonable to me. Any other thoughts/objections?

The idea with the only download possibility while generating is great. However, it might also be a good idea to give the possibility to view/download a revocation certificate and/or send one to a keyserver (like you can do with your public key). Otherwise there might be the problem that people want to generate a new key, but can't revoke the old one.</description>
   <pubDate>Sat, 29 Sep 2007 10:16:11 -0400</pubDate>
   <link>http://bugs.horde.org/ticket/5753#t37225</link>
  </item>
  

 </channel>
</rss>
