On 03/15/2014 at 1:47 PM, "Jon Callas" <jon(_at_)callas(_dot_)org> wrote:
> It's really the same problem, just with a one-person variety. It
> boils down to the fact that revocation doesn't really work, beyond
> trivial cases.
>
> Now on the other hand, ages ago, we discussed ring signatures, and
> a use case that I wanted to do was to make it so that whenever
> Alice sends Bob a signed email or other casual message, she would
> (could?) sign it with a ring signature of her key and Bob's. Bob
> knows that he didn't sign it so he knows that Alice did.
But isn't it obvious that the key revocation is a scam when the time of the
revocation and the time of its receipt by a keyserver are too far apart?
(Anything more than an hour should be suspicious.)
The only plausibility Alice may have is that she couldn't get online soon
enough after she revoked her key, and this is discoverable if she went online
for any other reason.
If there were some way to make the revocation process not be complete until
received and verified by a keyserver, and then listed as revoked as of the
keyserver's receipt time, then it might do away with the "change the clock and
revoke" scam and make revocation more workable.
vedaal
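The policy sketched in the post above, worked through as an added example (not code from the thread, and not part of any OpenPGP implementation): a revocation carries the time its creator's clock claimed, and the keyserver records the time it actually received it. The check flags a revocation whose claimed time trails keyserver receipt by more than the one-hour threshold the post suggests, and the "keyserver" policy makes the receipt time, not the claimed time, the moment after which signatures stop being trusted. The record fields, the two constructed scenarios and their dates are assumptions; no real signature verification is performed.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional

# Threshold proposed in the post: a gap of more than an hour between the
# self-asserted revocation time and keyserver receipt is suspicious.
MAX_CLOCK_SKEW = timedelta(hours=1)


@dataclass(frozen=True)
class Revocation:
    """A revocation as a keyserver would log it (hypothetical record layout)."""
    key_id: str
    claimed_time: datetime            # timestamp set by the revoker's own clock
    receipt_time: Optional[datetime]  # when the keyserver received it; None = never uploaded


def revocation_is_suspicious(rev: Revocation) -> bool:
    """True when the revocation was never received, or its claimed time lags
    keyserver receipt by more than MAX_CLOCK_SKEW (a possible backdated clock)."""
    if rev.receipt_time is None:
        return True
    return rev.receipt_time - rev.claimed_time > MAX_CLOCK_SKEW


def effective_revocation_time(rev: Revocation) -> Optional[datetime]:
    """Under the proposed policy the key counts as revoked from keyserver
    receipt onwards, regardless of what the revoker's clock said."""
    return rev.receipt_time


def signature_valid_at(rev: Revocation, sig_time: datetime, policy: str = "keyserver") -> bool:
    """Decide whether a signature made at sig_time predates the revocation.

    policy="claimed"   trusts the time inside the revocation (status quo).
    policy="keyserver" uses the keyserver receipt time (the post's proposal).
    """
    if policy == "claimed":
        cutoff: Optional[datetime] = rev.claimed_time
    elif policy == "keyserver":
        cutoff = effective_revocation_time(rev)
    else:
        raise ValueError(f"unknown policy: {policy}")
    if cutoff is None:          # not (yet) revoked as far as the keyserver knows
        return True
    return sig_time < cutoff


def _utc(*parts: int) -> datetime:
    return datetime(*parts, tzinfo=timezone.utc)


# Constructed scenario 1: Alice signed a message on 10 March, then on 15 March
# set her clock back to 9 March, issued a revocation and uploaded it.
SIG_TIME = _utc(2014, 3, 10, 12, 0)
BACKDATED = Revocation(
    key_id="0xALICE-PLACEHOLDER",
    claimed_time=_utc(2014, 3, 9, 12, 0),
    receipt_time=_utc(2014, 3, 15, 13, 0),
)

# Constructed scenario 2: an honest revocation uploaded twenty minutes after
# it was created.
PROMPT = Revocation(
    key_id="0xBOB-PLACEHOLDER",
    claimed_time=_utc(2014, 3, 15, 13, 0),
    receipt_time=_utc(2014, 3, 15, 13, 20),
)


if __name__ == "__main__":
    for rev in (BACKDATED, PROMPT):
        print(rev.key_id, "suspicious:", revocation_is_suspicious(rev))
    # Claimed-time policy lets the backdated revocation disown the earlier signature;
    # keyserver-time policy does not.
    print("claimed  :", signature_valid_at(BACKDATED, SIG_TIME, policy="claimed"))
    print("keyserver:", signature_valid_at(BACKDATED, SIG_TIME, policy="keyserver"))
```

Run as a script it prints the flag for each record and then the two verdicts for the backdated case: under the claimed-time policy the 10 March signature falls after a revocation dated 9 March and is rejected, while under the keyserver-time policy the revocation only takes effect on 15 March and the signature stands. The gap of several days also trips the one-hour skew check, which is exactly the signal the post says should be treated as suspicious.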
_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp