Subject: Re: Beer...and keys.
To: None <regional-nyc@netbsd.org>
From: Miles Nordin <carton@Ivy.NET>
List: regional-nyc
Date: 12/18/2003 01:20:06
>>>>> "cs" == Curt Sampson <cjs@cynic.net> writes:

    cs> If you lose your laptop, you presumably lose your revocation
    cs> certificate as well.

If like Andrew you don't lose the key, but just forget your
passphrase, the revocation certificate will help you.  Although it's
not urgently needed since the key isn't actually compromised, maybe it
makes things cleaner.

    cs> If [some hypothetical other place off your laptop is] not safe
    cs> enough to back up your key, what's to stop an attacker from
    cs> revoking your key and committing a denial of service attack?

eh.  nothing, but probably a DoS attack bothers you less than a third
party decrypting your messages.  If you are the sort who imagines risk
and convenience on some continuous scale, there is a class of places
that's good enough for storing a revocation certificate but not a key.
For example, a lot of people may decide they don't want backups of
their key period---they only want one place to steal it from, like a
USB/CF necklace.  It still makes sense under that level of paranoia to
back up a revocation certificate.

anyway...it looks like my white russian is wearing off.  I'll try to
come tomorrow.

-- 
``George Bush was not elected by a majority of the voters in the
United States. He was appointed by God.''
		-- Lt. Gen. Boykin, deputy undersecretary of defense
                   for intelligence