
Re: Key Revocation



Ideally this should not be an issue. "tarsnap-keymgmt" provides the creation of key files with different permissions. You should have the "master" key file somewhere secure that you can always access. Should a key become compromised or lost, you would, at this point, simply nuke the entire archive and abandon the use of that key.

Also, ideally you would be using a keyfile to write the archives that does not have read access. And you would have a separate key for pulling the data back onto the server should this be necessary.

I would assume (I know, I know about assumptions) that revocation would be an option that will be integrated into tarsnap, but I think steps are currently in place to handle such issues.

The only issue not easily resolvable on your own would be losing your key entirely. This would have an effect on the account as it would permanently drain funds for data storage that is unusable. There are a couple scenarios that would happen in this case.

1) The funds (hopefully few) would be depleted and you would use another account.
2) The funds are plentiful (bummer) and you would need to contact Colin for support on this. Not sure what his options are as of this time to do file or key deletion on your behalf if you could prove your identity justly.

That's all I can come up with. Hope that helps a bit.

--
Robert Clemens

On 2/6/2010 1:32 PM, Matthias-Christian Ott wrote:
Hi,

as far as I understood it, tarsnap uses symmetric keys for signing and
hashing data. You can submit the key to the server to authenticate
to the server and ensure that the data is transferred correctly.
This sounds very reasonable and secure to me.

However, I couldn't find a way to revoke a key, in case it is
compromised or lost. Is this a design decision, a drawback of
symmetric cryptography or have I simply overlooked something?

Regards,
Matthias-Christian