[cryptography] Security Pop-Up of the Day
James A. Donald
jamesd at echeque.com
Thu Sep 22 19:26:26 EDT 2011
> On Thu, Sep 22, 2011 at 09:37:42AM +1000, James A. Donald wrote:
>> Email client generates private/public keypair. Sends public key to CA
>> server. CA server certifies that the owner of the private key
>> corresponding to this public key is capable of receiving email at the
>> address, emails certificate back to ostensible email address.

On 2011-09-22 8:35 PM, Paul Walker wrote:
> User's machine crashes. How do they tell the CA server that the owner of the
> public key is no longer capable of receiving email with that private key?

If one encrypts a message, and it fails, recipient may reply, "could not
read your message, try again". Second one will work, because it will be
encrypted to the public key associated with that reply.

I would suggest a reasonable timeout on the keys, for example 45 days,
with the client getting a new key every thirty days. When sending
encrypted messages, client attempts to get a reasonably up to date