At 11:52 AM 6/2/98 +0100, Adam Back wrote:
The problem is that someone who has compromised your private keys can
also sign a new key to propogate the trust. If you allowed or defined
the semantics of multiple revocations to be that the old trust was
voided in the case that there is also a `compromise' revocation cert,
then I think you can avoid this problem.
Somewhat similar to seeing a public key on a key server with:
`Don't use compromised' as a self signed user id
followed by a new key signed by the old one anyway.
Formalising what this should imply you shouldn't take any notice of
the self signature as the keys it was made with were compromised.
The user won't create a key compromise cert unless the key is
compromised.
Again, we're in violent agreement.
Jon
-----
Jon Callas jon(_at_)pgp(_dot_)com
CTO, Total Network Security 3965 Freedom Circle
Network Associates, Inc. Santa Clara, CA 95054
(408) 346-5860
Fingerprints: D1EC 3C51 FCB1 67F8 4345 4A04 7DF9 C2E6 F129 27A9 (DSS)
665B 797F 37D1 C240 53AC 6D87 3A60 4628 (RSA)