Security Basics mailing list archives

Re: Digital Certification Revocation


From: Tracy Reed <treed () ultraviolet org>
Date: Fri, 18 Sep 2009 09:40:45 -0700

On Fri, Sep 18, 2009 at 05:36:05PM +0200, M.D.Mufambisi spake thusly:
> Thanks Tracy. In the event that I die, what stops someone with access
> to my digital certification from posing as me? Does someone have to revoke MY
> certificate in the event of my death?

The private key should be encrypted with a password. If nobody else
knows your password they cannot make new signatures and pose as
you. Nor can they make a revocation certificate. If you have
pre-generated the revocation certificate (which you should) you must
keep it physically secure. Only the person who you would want to
handle the revocation in the event of your death should have access to
it. Nobody has to revoke your certificate in the event of your
death. It might be nice if someone would revoke it but if signed
messages start turning up after your death it should not be hard for
anyone who cares (not sure who that would be, perhaps your estate or
next of kin) to prove that you did not sign the messages.

-- 
Tracy Reed
http://tracyreed.org
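
The following is an added example, not part of the original message. It assumes OpenPGP keys managed with GnuPG 2.1 or later, which writes a revocation certificate at key-generation time. The identity and passphrase are constructed throwaway values. It shows why the certificate needs physical protection: a second keyring holding only the public key and the certificate can mark the key revoked, with no private key and no passphrase.

```shell
#!/bin/sh
# Added example (assumes GnuPG >= 2.1). Everything lives in temporary keyrings.
revocation_demo() (
    set -e
    owner=$(mktemp -d)   # keyring of the key owner (holds the private key)
    heir=$(mktemp -d)    # keyring of the trusted person (public key only)
    trap 'for h in "$owner" "$heir"; do
              gpgconf --homedir "$h" --kill all 2>/dev/null || true
          done; rm -rf "$owner" "$heir"' EXIT

    # Owner: generate a passphrase-protected key (constructed identity).
    gpg --homedir "$owner" --batch --quiet --pinentry-mode loopback \
        --passphrase 'constructed-passphrase' \
        --quick-generate-key 'Demo Owner <owner@example.invalid>' \
        default default never
    fpr=$(gpg --homedir "$owner" --batch --with-colons --list-keys |
          awk -F: '$1 == "fpr" { print $10; exit }')

    # GnuPG stored a pre-generated revocation certificate next to the key.
    # A colon in front of the armor header guards against accidental use.
    sed 's/^:-----BEGIN/-----BEGIN/' \
        "$owner/openpgp-revocs.d/$fpr.rev" > "$heir/revoke.asc"
    gpg --homedir "$owner" --batch --armor --export "$fpr" > "$heir/pub.asc"

    # Validity flag of the key as seen from the heir's keyring.
    validity() {
        gpg --homedir "$heir" --batch --with-colons --list-keys "$fpr" |
            awk -F: '$1 == "pub" { print $2; exit }'
    }

    # Heir: import the public key, then the certificate. No passphrase asked.
    gpg --homedir "$heir" --batch --quiet --import "$heir/pub.asc"
    before=$(validity)
    gpg --homedir "$heir" --batch --quiet --import "$heir/revoke.asc"
    after=$(validity)

    # "r" in the second position means the key is now marked revoked.
    echo "$before $after"
)

revocation_demo
```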
