Revoked keys on keyservers
Dave Ewart
ewart@icrf.icnet.uk
Fri Oct 19 13:26:01 2001
On Friday, 19.10.2001 at 11:14 +0200, DeBug wrote:
> >> A while ago there was some brief discussion on the keyserver
> >> manager list about the idea of aging keys off of the keyservers.
> >> Basically, any key that didn't get refreshed after a few years
> >> would just get dropped from the server.
>
> DE> That's actually a rather nice idea ... shame it never got up and
> DE> running.
>
> I do not think this is a good idea - imagine someone has generated
> exactly the same key someone was using in the past, now they both have
> the same private key. So the list of revoked keys is needed to
> determine your new key was not used before. I wonder how many keys are
> possible; is it 2^N? Is this number big enough if someone decides to
> start continuously generating and registering random keys ...
My understanding is that the probability of generating a non-unique key
in this way is so mind-bogglingly small as to be effectively zero. I have
nothing to back up that argument, except "I think I read something like
that in Bruce Schneier's 'Applied Cryptography'" ...
Dave.
-- 
Dave Ewart
ewart@icrf.icnet.uk
Computing Manager
ICRF Cancer Epidemiology Unit, Oxford UK
PGP: CC70 1883 BD92 E665 B840 118B 6E94 2CFD 694D E370