An Improved E-Mail Security Protocol

B. Schneier and C. Hall

13th Annual Computer Security Applications Conference, ACM Press, December 1997, pp. 232-238.


Current e-mail security systems base their security on the secrecy of the long-term private key. If this private key is ever compromised, an attacker can decrypt any messages—past, present, or future—encrypted with the corresponding public key. The system described in this paper uses short-term private-key/public-key key pairs to reduce the magnitude of this vulnerability.

[full text – postscript] [full text – LaTeX]

Categories: Protocol Designs

Sidebar photo of Bruce Schneier by Joe MacInnis.