[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Key Revocation



It would be nice to be able to revoke keys.  Though for us at Acunote,
it's not a high priority, because we are small.

For personal/small business use unauthorized access to the key is an
extraordinary event.  It's fine to nuke that whole machine's data.
For corporate use, you need to revoke access more often -- it's a
function of # of people with access and turnover rate.  With enough
data stored and enough turnover nuking data is not a good option.

As such decoupling authentication part of the key from encryption, and
giving user better control over authentication would helpful. For all
the same reasons people change passwords.

Best regards,

Gleb

Colin Percival wrote:
Robert Clemens wrote:
The only issue not easily resolvable on your own would be losing your
key entirely. This would have an effect
on the account as it would permanently drain funds for data storage that
is unusable. There are a couple scenarios
that would happen in this case.
 1) The funds (hopefully few) would be depleted and you would use
another account.
 2) The funds are plentiful (bummer) and you would need to contact Colin
for support on this. Not sure what his
   options are as of this time to do file or key deletion on your behalf
if you could prove your identity justly.

Yes, if you lose your keys for a machine and can convince me that you are
yourself, I can delete the data stored by that machine so that it doesn't
keep on draining money from your account.