On Tue, 2002-09-24 at 16:37, Derek Atkins wrote: > [...]If the > attacker controls the keyserver and can remove revocations then > obviously this doesn't work, but I don't think an attacker can control > that many data points. Depending on the attack scenario, it might suffice when one person does not see a revocation certificate during a limited timeframe (while they send some vital documents encrypted to the compromised key). This only requires control of the network connection of one machine for a specific time. Absolutely feasible. cheers -- vbi -- secure email with gpg http://fortytwo.ch/gpg NOTICE: subkey signature! request key 92082481 from keyserver.kjsl.com
Attachment:
signature.asc
Description: This is a digitally signed message part