[cryptography] Security Pop-Up of the Day

James A. Donald jamesd at echeque.com
Thu Sep 22 19:26:26 EDT 2011


> On Thu, Sep 22, 2011 at 09:37:42AM +1000, James A. Donald wrote:
>
>> Email client generates private/public keypair.  Sends public key to CA
>> server.  CA server certifies that the owner of the private key
>> corresponding to this public key is capable of receiving email at the
>> address, emails certificate it back to ostensible email address.

On 2011-09-22 8:35 PM, Paul Walker wrote:
> User's machine crashes. How do they tell the CA server that the owner of the
> public key is no longer capable of receiving email with that private key?
>

If one encrypts a message, and it fails, recipient may reply, "could not 
read your message, try again".  Second one will work, because it will be 
encrypted to the public key associated with that reply.

I would suggest a reasonable timeout on the keys, for example 45 days, 
with the client getting a new key every thirty days.  When sending 
encrypted messages, client attempts to get a reasonably up to date 
recipient key.



More information about the cryptography mailing list