Key Revocation Scheme

Rich Graves rcgraves at disposable.com
Fri Jan 17 16:35:12 PST 1997


Bill Stewart wrote:
> 
[...]
>Key revocation certificates don't leak your private keys,
>so the only risk if the Bad Guys get a copy is denial of service,
>including the pain of rebuilding all your connections, etc.;

I concur. Depending on your application (it always depends on your
application), it's probably better to risk a spurious revocation than
an interception.

You needn't completely lose your connection to the web of trust,
either. I've already generated a "next" key signed by my current key,
just in case. No, the path server won't follow revoked keys, but
someone not yet in possession of the revocation certificate is
somewhat more likely to accept a message from someone with a key signed
by your old key and in possession of the revocation certificate.

-rich






More information about the cypherpunks-legacy mailing list