Unfortunately, as you pointed out yourself, if you no longer have your private key, and you know or suspect that somebody else got a copy of it, then you cannot make that revocation statement yourself.
Right, that's a separate case. By definition, a self-signed cert cannot deal with that, at the protocol level. No biggie. It's not compulsory.
A very common case for this would be that the computer that has your unique copy of the private key stored on it gets stolen. If the thief was after your private key, he may be able to password-crack your key database, and get ahold of the key. You would have absolutely no way to do anything about it. And if the thief was indeed after your private key, then I wouldn't hold my breath for *him* to make the revocation statement !
I don't know how common this is, really. I've heard of all these things happening in isolation, but I've never heard of a someone stealing a laptop, searching for the key, cracking it open with a password cruncher, and then going out and ... doing some damage like stealing your value using a your cracked key.
I mean, all these things are possible, but they are rather unlikely. It's only in the last year that viruses have targetted e-gold and Paypal passwords, I've never heard of anyone targetting keys (although there is a paper on this, google "lunchtime attack").
It's like walking out the front door - we take adequate precautions for normal risks, like looking left and right on entering the road. But we don't worry about meteors.
Most people walk around with cash in their pockets. It they lose their wallets, they lose their cash. What do they do? Take care, mostly. These are normal risks and normal responses. Ben says he wants to take care, is all.
Self-signed certs have limitations. But, they are nice and cheap. You don't get everything for free, but you do get quite a lot.
(talking to Benm you said:)
> You can't, but CAs can ! > > If your cert was signed by a CA,...
I count about 6 ifs there, that the average CA is selling. $100-$900 buys far too many ifs for many uses. I think a lot of people will be happy with a lack of hand-holding, at the price.
> It would be of great benefit to you to read the specifications for the > existing and secure PKI revocation mechanisms of CRLs and OCSP. There is > no need to reinvent the wheel. I won't be answering any more of your > messages until you do your due diligence.
Well, here's some due diligence: How much has been lost due to lack of 3rd party recovation capabilities in the OpenPGP or SSH or any world? Indeed, how much has been lost due to lack of 3rd party revocation, in the SSL world - given that we are only just now seeing something like an infrastructure that could be considered to be substantial? Correct me if I'm wrong, but the 1st decade of SSL was ... revocation weak. Surely there are some risks, some losses to show for it?
Some merchants saying that "I lost my cert, I lost my house?"
Also, given the nature of self-signed certificates, it is pretty clear that the user gives up any benefit of revocation by CAs. What on earth is offensive about that? A self-signed cert user doesn't want anything to do with a CA, including revocation. There is simply no drama here.
iang _______________________________________________ mozilla-crypto mailing list [EMAIL PROTECTED] http://mail.mozilla.org/listinfo/mozilla-crypto
