[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Revoking Old Lost Keys
-----BEGIN PGP SIGNED MESSAGE-----
Tim May writes:
> If one can safely and securely store a revocation certificate for later
> use, why not just store the much shorter passphrase?
Well, you're dealing with very different threats in the two cases AFAICS.
With your passphrase and private key, someone can forge your signature, read
your encrypted incoming mail, etc. With your revocation certificate and
private key, about all they can do is revoke your key and force you to
create a new one. I certainly find the latter prospect much less alarming --
by far the lesser of two evils. Heck, it's good to update keys periodically,
so they might even be doing me a favor of sorts ;)
Futplex <[email protected]>
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
iQEVAwUBMO65WSnaAKQPVHDZAQEIngf+OnXNLpkc4MlE+F0O24lCgso29k0cYRiW
jOHKJJfl9ryfaM/WT8eyRLIbWhO7A2qMGSF9nlRUCuhLBgQuX6tmboTwDPW3RPzq
jKbZ6LO615w0xPhZpDQO/B963sF0UOcIc0v49k1Ua6biUeEQ/0luYn7nQPD9RVDV
pb0qkk201qgVDkXXxPR+hN/HXstI0mc2+HjQjAhHiIOLyiMN3aPwGDH1XmHP5UiE
TVw+M9cAqyC863KMg+WEkIGXvdwLJ2or6QQ07i50Zwl905mSFd9+nHVx5HLbkKFa
UZvwU46zZXx069MIKHLFY2hX1ZqgR5eGGHUa6bZbMkeIjSl50IzILA==
=ssJd
-----END PGP SIGNATURE-----