[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: key for Alice as promised (not)


Hello Jon Lasser <[email protected]>
  and [email protected] (jim bell)
  and [email protected]

jim bell wrote:
> >On Tue, 28 Nov 1995, Adam Hupp wrote:

One reason why Alice might not want to use PGP would be that posession
of the secret key would be ipso facto evidence that he is Alice.

> spoofed, HE WILL KNOW because he will see a message with his signature that
> HE KNOWS he didn't send.  At that point, he will at least be able to reduce
> the number of spoofed messages to 1 before he alerts us that there is a
> problem.  We won't necessarily know who to believe, of course, but we will

Who to believe: at that stage, Alice will simply cease to exist.
The key will be revoked and Alice will be no more. A new Alice may
or may not arise, but no-one will know if it's the same one.

If Alice is afraid of loss of identity (as if he had one now),
he could have a permanent key at home (where he does his OTP work),
and on his e-mail machine have only a temporary key. When the key
on the public machine is compromised, it is revoked and a new one
is issued.

(The same can be done with real-name keys, BTW; viz my own key.)

> 3.  Somebody found out how to break 1024-bit PGP keys easily.  (Very
> unlikely, of course.)

In this case I think we are all stuffed.


- --
If you want an answer, please mail to <[email protected]>.
On sweeney, I may delete without reading!
PGP 463A14D5 (but it's at home so it'll take a day or two)
PGP EF0607F9 (but it's at uni so don't rely on it too much)

Version: 2.6.2i