[7778] in cryptography@c2.net mail archive
Re: reflecting on PGP, keyservers, and the Web of Trust
daemon@ATHENA.MIT.EDU (Ted Lemon)
Wed Sep 6 15:48:50 2000
Message-Id: <200009061802.e86I2wF01311@grosse.bisbee.fugue.com>
To: Ray Dillinger <bear@sonic.net>
Cc: cryptography@c2.net
In-Reply-To: Message from Ray Dillinger <bear@sonic.net>
of "Wed, 06 Sep 2000 07:09:01 MST." <Pine.LNX.4.21.0009060705250.2500-100000@bolt.sonic.net>
Date: Wed, 06 Sep 2000 11:02:58 -0700
From: Ted Lemon <mellon@nominum.com>

> So I would prefer to work with a CA where it is not a *necessary*
> condition for a revocation.

Why would someone grabbing your red and blue disks compromise your
key? You have it encrypted, right? The encryption key is only
present in wetware, right? :'}

I generally don't think of "somebody stealing the red and blue disks"
as the way that keys get compromised - rather, keys get compromised
because someone successfully tricks you into revealing them, perhaps
with a trojan horse, and when you realize the key has been compromised
(hopefully quickly) you revoke it. Am I dreaming here?

_MelloN_