On Thu, Sep 22, 2011 at 09:37:42AM +1000, James A. Donald wrote:
Email client generates private/public keypair. Sends public key to CA
server. CA server certifies that the owner of the private key
corresponding to this public key is capable of receiving email at the
address, emails certificate it back to ostensible email address.
On 2011-09-22 8:35 PM, Paul Walker wrote:
User's machine crashes. How do they tell the CA server that the owner of the
public key is no longer capable of receiving email with that private key?
If one encrypts a message, and it fails, recipient may reply, "could not
read your message, try again". Second one will work, because it will be
encrypted to the public key associated with that reply.
I would suggest a reasonable timeout on the keys, for example 45 days,
with the client getting a new key every thirty days. When sending
encrypted messages, client attempts to get a reasonably up to date
recipient key.
_______________________________________________
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography
