[Top] [All Lists]

Re: draft-ietf-openpgp-rfc2440bis-06.txt

2002-09-25 02:27:58
On Tue, 2002-09-24 at 16:37, Derek Atkins wrote:
[...]If the
attacker controls the keyserver and can remove revocations then
obviously this doesn't work, but I don't think an attacker can control
that many data points.

Depending on the attack scenario, it might suffice when one person does
not see a revocation certificate during a limited timeframe (while they
send some vital documents encrypted to the compromised key).

This only requires control of the network connection of one machine for
a specific time. Absolutely feasible.

-- vbi

secure email with gpg                 

NOTICE: subkey signature! request key 92082481 from

Attachment: signature.asc
Description: This is a digitally signed message part