On Fri, Dec 20, 2013 at 6:22 PM, Colin Percival <[email protected]> wrote:
> On 12/20/13 08:51, Andy Lutomirski wrote:
>> FWIW, ls -l does give some hint -- keys with fewer permissions seem to
>> be smaller.
>
> Yes, this is generally correct, although there can be confounding factors --
> if a key file is passphrase-protected then it will be larger than a file with
> the same keys but no encryption.
>
>> Also, it would be nice if there was a way to revoke or rotate the delete key.
>
> Hmm, interesting idea. I wonder what credentials should be used to authorize
> a key-rotation request...
>

Nuke, at least, should be sufficient :)

Alternatively, have a new rekey credential, which is initially equal to
delete or perhaps nuke. Then allow (rekey, cred) to rotate cred.

--Andy

> --
> Colin Percival
> Security Officer Emeritus, FreeBSD | The power to serve
> Founder, Tarsnap | www.tarsnap.com | Online backups for the truly paranoid
>

--
Andy Lutomirski
AMA Capital Management, LLC
