Keys on public machines
[lost attributions, sorry]
>> I could do an ASCII upload of my secret key and never expose my
>> key to disk-storage.
>>
> This is even more dangerous than storing it on the disks of a multi-user
> machine. Unless you are running in a Kerberos environment it is trivial to
> snoop your upload off the network...

I don't find the risk of a real-time snoop to be as bad as the risk
of a future snoop finding my private key alongside encrypted files that
have been stored forever (backups).

To mitigate either problem, how about having two layers of encryption: a
private key to decrypt files for reading on a public machine, and a second
public/private pair to reencrypt the files for storage and
transmission to the home machine. The public machine knows
the first private key (if snooped) and the second public key; only the
home machine knows the second private key. Snooping the first private
key compromises only unread and future messages until the key is
changed. Messages archived in the reencrypted state are secure, but
messages archived in the unread state with the first private key are
still compromised forever. Is backing up mail directories a common
practice? Are there (probably system-dependent) ways to avoid backups,
such as anticipating or detecting when backups are about to occur,
hidden directories, file permissions, etc.?

Also, this system introduces some user hostility, in that
reencrypted files cannot be read again until moved to the
home machine.

Another idea is to implement the relevant features of Kerberos in
a high-level client/server package that can be used to secure personal
network communications of this kind. The package could be distributed
with PGP.

Nick Szabo [email protected]
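
Added example, not part of the original message: a small Python model of the two-key scheme described above, showing which blobs in a backup of the public machine open with the first private key and which open only with the second. It assumes textbook RSA over fixed Mersenne primes purely as a stand-in for PGP; the class, function names and sample messages are constructed for illustration.

```python
# Added illustration: textbook RSA with fixed Mersenne primes, no padding.
# Toy parameters for the key-separation logic only; never use for real data.
E = 65537
TAG = b"MSG:"  # constructed marker so a successful decryption is recognisable

def keypair(p, q):
    n = p * q
    return (n, E), (n, pow(E, -1, (p - 1) * (q - 1)))  # (public, private)

def encrypt(pub, data):
    n, e = pub
    m = int.from_bytes(TAG + data, "big")
    assert m < n, "message too long for toy modulus"
    return pow(m, e, n)

def decrypt(priv, c):
    n, d = priv
    m = pow(c, d, n)
    raw = m.to_bytes((m.bit_length() + 7) // 8, "big")
    return raw[len(TAG):] if raw.startswith(TAG) else None  # None: wrong key

class PublicMachine:
    """Holds the first private key and only the PUBLIC half of the second pair."""
    def __init__(self, k1_priv, k2_pub):
        self.k1_priv, self.k2_pub = k1_priv, k2_pub
        self.spool = {}  # name -> ciphertext, exactly what a backup would copy

    def deliver(self, name, ciphertext):
        self.spool[name] = ciphertext

    def read(self, name):
        text = decrypt(self.k1_priv, self.spool[name])
        self.spool[name] = encrypt(self.k2_pub, text)  # re-encrypt for storage
        return text

def readable_with(priv, backup):
    """Names of backed-up messages that the given private key can open."""
    return sorted(name for name, c in backup.items() if decrypt(priv, c) is not None)

def demo():
    k1_pub, k1_priv = keypair(2**61 - 1, 2**89 - 1)    # key 1: on public machine
    k2_pub, k2_priv = keypair(2**107 - 1, 2**127 - 1)  # key 2: private half at home
    box = PublicMachine(k1_priv, k2_pub)
    box.deliver("read", encrypt(k1_pub, b"lunch at noon"))
    box.deliver("unread", encrypt(k1_pub, b"new passcode"))
    box.read("read")
    backup = dict(box.spool)  # backup taken after one message has been read
    return readable_with(k1_priv, backup), readable_with(k2_priv, backup)

if __name__ == "__main__":
    print(demo())
```

The first list is what a later holder of the first private key recovers from the backup; the second is what stays readable only on the home machine.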