On Tue, 2002-09-24 at 16:37, Derek Atkins wrote:
[...]If the
attacker controls the keyserver and can remove revocations then
obviously this doesn't work, but I don't think an attacker can control
that many data points.
Depending on the attack scenario, it might suffice when one person does
not see a revocation certificate during a limited timeframe (while they
send some vital documents encrypted to the compromised key).
This only requires control of the network connection of one machine for
a specific time. Absolutely feasible.
cheers
-- vbi
--
secure email with gpg http://fortytwo.ch/gpg
NOTICE: subkey signature! request key 92082481 from keyserver.kjsl.com
signature.asc
Description: This is a digitally signed message part