Re: Revoking Old Lost Keys
There have been a lot of replies to the original
question, but I think a lot of people are missing
a simple solution.
>>At 7:07 AM 1/6/96, Bruce Baugh wrote:
>>>I'd like to bring up a problem I haven't seen addressed much yet, and which
>>>I think is going to come up with increasing frequency as PGP use spreads.
>>>
>>>The problem is this: how can one spread the word that an old key is no
>>>longer to be used when one no longer has the pass phrase, and cannot
>>>therefore create a revocation certificate?
You create a revocation certificate at the time
you create the key, and store it somewhere (I'd
recommend putting it on a floppy). Then either
give it to your lawyer, with a note saying "If I
forget the passphrase, give me back this", or
just write a note to yourself, and store it in a
place where you'll find it when the time comes.
It is inconvenient if a nasty third party finds it
while you are still using the key, but much less
damaging than if they found the password.
(Someone wrote that PGP doesn't support revocation
certificates. This is not correct.)
Greg.
Greg Rose INTERNET: [email protected]
Sterling Software VOICE: +61-2-9975 4777 FAX: +61-2-9975 2921
28 Rodborough Rd. http://www.sydney.sterling.com:8080/~ggr/
French's Forest 35 0A 79 7D 5E 21 8D 47 E3 53 75 66 AC FB D9 45
NSW 2086 Australia. co-mod sci.crypt.research, USENIX Director.
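
Added example, not part of Greg Rose's message: a shell walk-through of the procedure above using GnuPG 2.1 or later (an assumption; the post concerns PGP as it existed in 1996), which writes a revocation certificate at the moment the key is created. The user ID and the temporary directories standing in for the floppy and for a correspondent's keyring are constructed; the script checks that the stored certificate still revokes the key after the secret key and passphrase are gone.

```shell
#!/bin/sh
# Added example. Assumes GnuPG 2.1+ on PATH. All names and paths are constructed.
revocation_roundtrip() {
    owner=$(mktemp -d) && media=$(mktemp -d) && fresh=$(mktemp -d) || return 1
    chmod 700 "$owner" "$fresh"

    # 1. Key creation. GnuPG writes the revocation certificate right away
    #    to openpgp-revocs.d/<fingerprint>.rev inside the home directory.
    gpg --homedir "$owner" --batch --quiet --pinentry-mode loopback \
        --passphrase '' --quick-generate-key \
        'Constructed User <user@example.invalid>' default default never || return 1
    fpr=$(gpg --homedir "$owner" --batch --with-colons --list-keys |
          awk -F: '$1 == "fpr" { print $10; exit }')

    # 2. Copy the certificate to offline media ("$media" stands in for the
    #    floppy) and publish the public key as usual.
    cp "$owner/openpgp-revocs.d/$fpr.rev" "$media/revoke.rev" || return 1
    gpg --homedir "$owner" --batch --armor --export "$fpr" > "$media/pub.asc"

    # 3. Simulate the loss: the secret key and its passphrase are gone.
    GNUPGHOME="$owner" gpgconf --kill gpg-agent 2>/dev/null
    rm -rf "$owner"

    # 4. Recovery on a keyring that only ever held the public key. GnuPG
    #    prefixes the armor header with ':' to prevent accidental import,
    #    so the colon is stripped before the certificate is imported.
    gpg --homedir "$fresh" --batch --quiet --import "$media/pub.asc" || return 1
    sed 's/^:-----BEGIN/-----BEGIN/' "$media/revoke.rev" |
        gpg --homedir "$fresh" --batch --quiet --import || return 1

    # Field 2 of the "pub" record is the validity; "r" means revoked.
    validity=$(gpg --homedir "$fresh" --batch --with-colons --list-keys "$fpr" |
               awk -F: '$1 == "pub" { print $2; exit }')
    rm -rf "$media" "$fresh"
    [ "$validity" = "r" ]
}

revocation_roundtrip && echo "stored certificate revoked key $fpr"
```

Step 4 needs no passphrase at any point, which is why the stored file must be kept away from third parties while the key is in use.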