Re: Key Revocation
Ideally this should not be an issue. "tarsnap-keymgmt" provides the creation of key files with different permissions. You should have the "master" key file somewhere secure that you can always access. Should a key become compromised or lost, you would, at this point, simply nuke the entire archive and abandon the use of that key.
Also, ideally you would be using a keyfile to write the archives that does not have read access. And you would have a separate key for pulling the data back onto the server should this be necessary.
I would assume (I know, I know about assumptions) that revocation would be an option that will be integrated into tarsnap but think steps are currently in place to handle such issues.
The only issue not easily resolvable on your own would be losing your key entirely. This would have an effect on the account as it would permanently drain funds for data storage that is unusable. There are a couple scenarios that would happen in this case.
1) The funds (hopefully few) would be depleted and you would use another account.
2) The funds are plentiful (bummer) and you would need to contact Colin for support on this. Not sure what his options are as of this time to do file or key deletion on your behalf if you could prove your identity justly.
That's all I can come up with. Hope that helps a bit.
--
Robert Clemens
On 2/6/2010 1:32 PM, Matthias-Christian Ott wrote:
Hi,
as far as I understood it, tarsnap uses symmetric keys for signing and hashing data. You can submit the key to the server to authenticate to the server and ensure that the data is transferred correctly. This sounds very reasonable and secure to me.
However, I couldn't find a way to revoke a key, in case it is compromised or lost. Is this a design decision, a drawback of symmetric cryptography or have I simply overlooked something?
Regards,
Matthias-Christian