On Aug 28, 2013, at 11:03 AM, Jonathan Thornburg wrote:

> On Wed, 28 Aug 2013, Jerry Leichter wrote:
>> On the underlying matter of changing my public key: *Why* would I have
>> to change it? It's not, as today, because I've changed my ISP or employer
>> or some other random bit of routing information - presumably it's because
>> my public key has been compromised.
>
> Maybe it's because you've forgotten the passphrase guarding the
> corresponding private key?
>
> Or because you'd like to do the electronic equivalent of "change my name,
> start [this facet of] my electronic life over"?

The point of my question was that for different reasons for changing the public key, there are different issues and different potential responses.

- If I need to change because the private key was compromised, there's nothing I can do about past messages; the question is what I do to minimize the number of new messages that will arrive with a now-known-insecure key. This was the case I assumed the previous poster was concerned with.

- If I lost the private key, all previous messages remain secure - except they are now, unfortunately, secure against me as well :-(. New messages sent with the key will be unreadable, but if I am in a position to determine who sent them, I can tell them to re-send with a different key. If the system is set up so that even return information is encrypted, I'll have to rely on my correspondent's realizing they need to re-send via some other mechanism. (It could be through whatever revocation mechanism the system has; it could be through mail I send to everyone I correspond with; it could be through a phone call, or just by word of mouth. The sender will have to check the dates and realize that some message was sent recently enough that I probably couldn't decrypt it.)

- As I outlined things, there was never a reason you couldn't have multiple public keys, and in fact it would be a good idea to make traffic analysis harder. Adding a new key for "a new facet of your electronic life" is trivial.

-- Jerry

>
> --
> -- "Jonathan Thornburg <jth...@astro.indiana.edu>
> Dept of Astronomy & IUCSS, Indiana University, Bloomington, Indiana, USA
> "There was of course no way of knowing whether you were being watched
> at any given moment. How often, or on what system, the Thought Police
> plugged in on any individual wire was guesswork. It was even conceivable
> that they watched everybody all the time."
> -- George Orwell, "1984"
> _______________________________________________
> The cryptography mailing list
> cryptography@metzdowd.com
> http://www.metzdowd.com/mailman/listinfo/cryptography