Quote from: kmfkewm on January 02, 2013, 06:18 am
> I never argued in favor of Torchat I am actually quite against it :P.

I never said you were in favour of it; you actually stated earlier that you weren't in favour of it -- a position I wholeheartedly agree with.

Quote from: kmfkewm on January 02, 2013, 06:18 am
> Currently all end user implementations of DH with forward secrecy that I am aware of require both users to be on at the same time, however this is not an underlying requirement of the system it is merely how it has been implemented so far.

Ok, I wasn't aware of that.

Quote from: kmfkewm on January 02, 2013, 06:18 am
> The same exact thing can be done with RSA, you just exchange a brand new keypair with every person you communicate with, and you delete it after each message, and with each message you send a new public key for the next message to be encrypted to. It really isn't anything to do with DH or RSA, it is just the DH cryptosystems I have seen tend to go towards this approach and the RSA implementations I have seen tend to go towards long term keys. Of course an end user actually juggling so many keys is pretty much impossible, systems like this need to be built right into the software like with OTR. Right now there is a system being developed that is similar to Mixminion but more secure from long term intersection attacks, fully internal without any reliance on E-mail addresses, with encryption like OTR built into it and supporting group communications. It will be pretty interesting I think.

Generating new public keys for each message seems like overkill to me. You would almost be better off using a random physical process (e.g. dice with diceware) to generate strings that could be used with conventional encryption. You could still use public keys for signing, to assure that the messages were not tampered with in transit.

That way you wouldn't have to clutter up your keyrings with a ton of one-time public keys, or spend time pruning said keys from your keyring.

NC
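The per-message key rotation described in the quoted post, as an added example that is not part of the thread or of any tool mentioned in it. It uses X25519 from the Python `cryptography` package in place of RSA keypairs; the `Party` class, the wire layout and the strict send/reply alternation are assumptions, and the signing needed to authenticate the keys is left out.

```python
# Added example: X25519 one-time keys stand in for the per-message RSA keypairs.
import os
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric.x25519 import (
    X25519PrivateKey, X25519PublicKey)
from cryptography.hazmat.primitives.ciphers.aead import ChaCha20Poly1305
from cryptography.hazmat.primitives.kdf.hkdf import HKDF

RAW = (serialization.Encoding.Raw, serialization.PublicFormat.Raw)

def _derive(shared: bytes, eph_pub: bytes, rcpt_pub: bytes) -> bytes:
    # Bind the message key to both public keys used for this one message.
    return HKDF(algorithm=hashes.SHA256(), length=32, salt=None,
                info=b"one-time-key-demo" + eph_pub + rcpt_pub).derive(shared)

class Party:
    """Hypothetical peer that holds at most one receive key at a time."""
    def __init__(self):
        self._priv = None      # current one-time private key
        self.peer_pub = None   # peer's current one-time public key (32 bytes)

    def new_key(self) -> bytes:
        self._priv = X25519PrivateKey.generate()
        return self._priv.public_key().public_bytes(*RAW)

    def send(self, text: bytes) -> bytes:
        if self.peer_pub is None:
            raise KeyError("no unused public key for the peer")
        eph = X25519PrivateKey.generate()           # discarded when send() returns
        eph_pub = eph.public_key().public_bytes(*RAW)
        shared = eph.exchange(X25519PublicKey.from_public_bytes(self.peer_pub))
        key = _derive(shared, eph_pub, self.peer_pub)
        nonce = os.urandom(12)
        # The plaintext starts with the key the reply must be encrypted to.
        ct = ChaCha20Poly1305(key).encrypt(nonce, self.new_key() + text, None)
        self.peer_pub = None                        # peer's key is single use
        return eph_pub + nonce + ct

    def receive(self, wire: bytes) -> bytes:
        if self._priv is None:
            raise KeyError("one-time private key already deleted")
        eph_pub, nonce, ct = wire[:32], wire[32:44], wire[44:]
        my_pub = self._priv.public_key().public_bytes(*RAW)
        shared = self._priv.exchange(X25519PublicKey.from_public_bytes(eph_pub))
        plain = ChaCha20Poly1305(_derive(shared, eph_pub, my_pub)).decrypt(nonce, ct, None)
        # Drop the key only after the tag verifies, so a forged message cannot burn it.
        # Python only drops the reference; real software must also wipe memory and disk.
        self._priv = None
        self.peer_pub, text = plain[:32], plain[32:]
        return text
```

Once `receive()` returns, a recorded copy of that message can no longer be decrypted by the recipient's own software, which is the property the keyring bookkeeping buys.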