Tuesday, March 21st, 9:00am
Participants from recent secure email user studies have expressed a need to use secure email tools only a few times a year. At the same time, other Internet users have started expressing concerns over the permanence of personal information on the Internet. The usage models of many secure email tools generally assume long-term use that introduces key management usability problems and leaves all messages to be protected by a single key. We propose that a secure email tool utilizing short-lived keys simultaneously addresses these concerns. Secure email tools supporting short-lived keys will satisfy users' needs because short-lived keys avoid the usability challenges of long-term key management, provide forward secrecy, and are well-suited to brief occasional-use scenarios.