- Magento 2. Does Commerce offers more functionality than Open Source in term of Web APIs?
- Why does Asuka caress Shinji in EoE?
- I didn't understand Tokyo Ghoul
- What's the difference between Endeavor and Dabi quirks?
- How would a privatized society deal with disputes over flows of air and water?
- Humanoid robot queries
- Using DNA data on different genealogy sites?
- LightingInput for Address not setting default Country Code
- Error “Bind variables only allowed in Apex code” simple_salesforce (Python)
- Live Agent Preview of Chat before Agent Accepts the chat in Omni Channel Lightning
- Salesforce SOAP Callout :: faultcode=a:InvalidSecurity
- One of two attributes is required in a lightning component
- ClaimRow in a For loop
- REST API importsend SMS — HTTP/1.1 400 Bad Request
- REST API refresh filter list
- Is it obligatory to keep our back horizontal while bowing in prayer?
- Времена в русском языке
- Rpi3 is the hardware watchdog enabled by default
- How to install seafile client
- Get a pi running headless, first time use, with only NOOBS pre-installed on SD card
Publishing a private key as a way to revoke it?
Academically, I've been thinking of a system where every user has identities tied to private/public key pairs. A Web Of Trust style of verifying other users builds trust in who is who. If you want to be anonymous, just generate a new key pair and don't have anybody sign it. If these keys were used for absolutely everything in life both professionally and leisurely then a user could potentially generate a lot of keys. For one reason or another, some of these key pairs may wish to be destroyed.
If forward secrecy was always used with the key, could a method of revocation be to publicly post the private key? What downsides would this approach to revocation have?
The idea of simply publishing the private key works only if the private key is definitely not in use anymore. Apart from using forward secrecy for encryption it means that the key was never and will be never allowed to be used for digitally signing something (i.e. proof of authorship), because otherwise everyb
The idea of simply publishing the private key works only if the private key is definitely not in use anymore. Apart from using forward secrecy for encryption it means that the key was never and will be never allowed to be used for digitally signing something (i.e. proof of authorship), because otherwise everybody could just take this private key to impersonate someone and claim that the message has been created by the other one before the private key was published. Also, publishing the private key means that the owner still has access to the key which is not necessarily the case if his computer was stolen or compromised by the attacker.
While one might probably construct a system were guarantees about not signing can be given it looks like your specific system is not, since there is actually signing involved to have some web of trust. But in any case it would be better if revocation would be possible without relying on such restrictions in the first place. One way would not to publ2018-06-05 10:11:01