[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Key Revokation Scheme

To: [email protected]
Subject: Re: Key Revokation Scheme
From: Rich Graves <[email protected]>
Date: Fri, 17 Jan 1997 16:32:55 -0800
Organization: Fans of Nizkor, http://www.nizkor.org/hweb/
References: <[email protected]>
Sender: [email protected]

Bill Stewart wrote:
> 
[...]
>Key revocation certificates don't leak your private keys,
>so the only risk if the Bad Guys get a copy is denial of service,
>including the pain of rebuilding all your connections, etc.;

I concur. Depending on your application (it always depends on your
application), it's probably better to risk a spurious revocation than
an interception.

You needn't completely lose your connection to the web of trust,
either. I've already generated a "next" key signed by my current key,
just in case. No, the path server won't follow revoked keys, but
someone not yet in possession of the revocation certificate is
somewhat more likely to accept a message from someone with a key signed
by your old key and in possession of the revocation certificate.

-rich

References:
- Re: Key Revokation Scheme
  - From: Bill Stewart <[email protected]>

Prev by Date: Telecomm Act Reference (Was Re: Newt's phone calls)
Next by Date: Re: Forgery detection
Prev by thread: Re: Key Revokation Scheme
Next by thread: DSS Secret Info
Index(es):
- Date
- Thread