ietf-openpgp
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: draft-ietf-openpgp-rfc2440bis-06.txt

2002-09-25 02:27:58
from [Adrian von Bidder] [Permanent Link] 
On Tue, 2002-09-24 at 16:37, Derek Atkins wrote:

[...]If the
attacker controls the keyserver and can remove revocations then
obviously this doesn't work, but I don't think an attacker can control
that many data points.


Depending on the attack scenario, it might suffice when one person does
not see a revocation certificate during a limited timeframe (while they
send some vital documents encrypted to the compromised key).

This only requires control of the network connection of one machine for
a specific time. Absolutely feasible.

cheers
-- vbi

-- 
secure email with gpg                           http://fortytwo.ch/gpg

NOTICE: subkey signature! request key 92082481 from keyserver.kjsl.com

Attachment: signature.asc
Description: This is a digitally signed message part

[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: Comments on ECC draft, Dominikus Scherkl
Next by Date:  Re: draft-ietf-openpgp-rfc2440bis-06.txt, Bodo Moeller
Previous by Thread:  Re: draft-ietf-openpgp-rfc2440bis-06.txt, Bodo Moeller
Next by Thread:  Re: draft-ietf-openpgp-rfc2440bis-06.txt, Michael Young
Indexes:  [Date] [Thread] [Top] [All Lists]