On 02/15/2013 10:25 PM, Nick M. Daly wrote:
> For example, is it acceptable if the client's secret key be exposed
> when the box is rooted by attackers? (Probably not, but that does
> let the host act as a trust proxy without relying on subkeys, or
> other weird yet conceptually interesting trust models).
what's wrong with using subkeys or explicitly designating a trust proxy?
it seems like the tradeoff (of having a rootable machine hold your
basic secret key identity material) is clear enough to make the use of
explicitly revokable proxies worth doing.
--dkg
--
Unsubscribe, change to digest, or change password at:
https://mailman.stanford.edu/mailman/listinfo/liberationtech
