Ian Grigg wrote:
Oh, ok! Now, how many of those are actual results of compromise? As opposed to routine replacements or expiries or other benign effects. Are we saying that CACert has a lot of compromises already? That would be a surprise.
I'm assuming quite a few would be from lost certs when they've reformatted or viruses did it for them.... While not being compromised
As expected. You know, in the Linux community, machines are hacked all the time, I guess we would have heard of stolen certs by now.
I'm sure a lot of people have lost access to PGP keys the same way... There is no way to revoke a PGP key in that instance...
Right. In OpenPGP, one is supposed to create a revocation certificate up front, and then keep that in a safe place. I have never bothered.
iang
PS: Funny story from back in '96 or so. I was sitting all alone in the office and someone sent an urgent message to the corporate PGP key. Which I couldn't find. So, thinking that I could be smart and search the entire system for the corporate key, I wrote a little program to try the message on the key.
Well, to my surprise there were 5000 keys on the machine... and only many hours later, did the script eventually bumble its way to find the key. Then, I only had to remember the password, which took another several hours.
Now, this is not really representative, there aren't many companies out there that built systems that scattered keys around like they were free!
