[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Key Revokation Scheme



At 11:32 PM 1/14/97 -0500, [email protected] wrote:
>I started thinking about the issue, how to set up a system to have
>somebody else revoke your key for you, if you don't have the means
>to do so yourself.
>The possible case I had in mind was, what if you're maybe a
>dissident, you get arrested and your apartment (incl. disks/keys)
>gets raided. You don't have any means to revoke the key yourself,
>don't even have e-mail in general, and with the "one phone call",
	[.... method deleted .... lawyer, alice, bob, ... ]

Too complex for what you're really doing.  Give your lawyer a floppy
with the key revocation certificate and a yellow sticky about how
to call Alice or Bob for help if your lawyer's not computer-literate
enough to follow the README file.  If you're paranoid about the cops
getting your unindicted co-conspirators' names, use PGP Inc.
or some computer consultant instead of Alice and Bob and have your
lawyer pay their per-hour rate.  On your One Phone Call,
tell him to get the floppy out of the sealed envelope in his safe
and use it.

Key revocation certificates don't leak your private keys,
so the only risk if the Bad Guys get a copy is denial of service,
including the pain of rebuilding all your connections, etc.;
it doesn't leak your communications or allow them to forge mail.


#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 [email protected]
# You can get PGP outside the US at ftp.ox.ac.uk/pub/crypto/pgp
#     (If this is a mailing list, please Cc: me on replies.  Thanks.)