[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Key revocation

To: Gleb Arshinov <gleb.lists@pluron.com>
Subject: Re: Key revocation
From: Colin Percival <cperciva@tarsnap.com>
Date: Thu, 29 Apr 2010 18:13:10 -0700
Cc: tarsnap-users@tarsnap.com
In-reply-to: <4BDA2D19.5060903@tarsnap.com>
Mailing-list: contact tarsnap-users-help@tarsnap.com; run by ezmlm
References: <w2j21e991821004291707o850297eaw227eb92e8f40c51@mail.gmail.com> <4BDA2D19.5060903@tarsnap.com>

Colin Percival wrote:
> Gleb Arshinov wrote:
>> Anyway, I think key revocation would be very handy for our use. [...]
> 
> Good points.  I've added this to my Tarsnap to-do list.  You won't be able
> to change the encryption keys, of course, but changing the access keys
> will be better than nothing and possibly enough for most people.

Just to clarify, what I mean here (and what I think Gleb means) is *changing*
the keys which are used to access a machine's data.  That is, key rotation,
not key revocation.

Deleting a machine and all of its data if you've lost its keys (so that you
don't end up paying to store the data forever) is a completely different matter
-- I haven't written the code to allow people to do that yet either, but I can
nuke machines' data if people find themselves in that position.

-- 
Colin Percival
Security Officer, FreeBSD | freebsd.org | The power to serve
Founder / author, Tarsnap | tarsnap.com | Online backups for the truly paranoid

Follow-Ups:
- Re: Key revocation
  - From: Michael Stevens <mstevens@etla.org>
- Re: Key revocation
  - From: Gleb Arshinov <gleb.lists@pluron.com>

References:
- Key revocation
  - From: Gleb Arshinov <gleb.lists@pluron.com>
- Re: Key revocation
  - From: Colin Percival <cperciva@tarsnap.com>

Prev by Date: Re: Key revocation
Next by Date: Re: Key revocation
Previous by thread: Re: Key revocation
Next by thread: Re: Key revocation
Index(es):
- Date
- Thread