From: harka@nycmetro.com
Date: Tue, 14 Jan 1997 20:33:17 -0800 (PST)
To: cypherpunks@toad.com
Subject: Key Revokation Scheme
Message-ID: <TCPSMTP.17.1.14.-9.32.16.2780269260.1467056@nycmetro.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Hi there,

I started thinking about the issue, how to set up a system to have
somebody else revoke your key for you, if you don't have the means
to do so yourself.
The possible case I had in mind was, what if you're maybe a
dissident, you get arrested and your apartment (incl. disks/keys)
gets raided. You don't have any means to revoke the key yourself,
don't even have e-mail in general, and with the "one phone call",
that your hopefully entitled to, you can't really do much...
It might have been discussed before, but here is what I came up
with:

Peter (the dissident) creates a signed key revokation certificate
and a list of the intended recipients for it. He archives the files
and then encrypts the archive conventionally. He then sends the
encrypted archive file to his trusted friends (or relatives) Alice
and Bob, without the passphrase though.
(Note: For additional security, the files within the archive may be
encrypted with A. and B.'s public keys).

Then Peter gives a sealed envelope to his lawyer (or anybody he
trusts and who would know, if something happened to him),
containing the passphrase and the names of Alice and Bob, incl.
their respective phone/fax numbers, e-mail adresses and snail mail
adresses with the instruction to notify them if necessary.
The lawyer however, does not have the archive itself.

Now, in case of an arrest, Peter calls his lawyer (he'd very likely
be the first one to know) and thus he knows, that Peter's keys have
been compromised.
The lawyer now opens the envelope and gets in touch with Alice and
Bob, telling them of Peter's misfortune, and he gives them the
passphrase for the archive.
He also sends them the same information in an encrypted/signed
e-mail. (Note: Of course, Alice and Bob have to have the lawyers
public key and his key must be signed by Peter and vice versa.
Preferably, Alice and Bob have met the lawyer at some point and have
verified his key first hand.)
Thus they know, it was really Peter's lawyer, who gave them the
information, not somebody else, who might have gotten possession of
the envelope...

Alice and Bob, however, do not immediately send out the revokation
certificate, but try to verify the information from the lawyer with
independent sources, such as Peter's relatives, friends etc..
Only if one or better both of them (they should be in contact with
each other too) has/have enough reason to believe, that Peter is
really in trouble and that his keys have been compromised, they
decrypt the archive and send his key revokation certificate to the
intended recipients (friends, key-servers etc.).


Note1: The entire system relies on the trustworthiness of
Alice and Bob and their effort, to verify the information,
before they send out the revokation certificate.

Note2: The described chain of information/verification could go
different directions. Even if Peter's mom is the first one to know,
she could call Alice and/or Bob and/or his lawyer {...}, who in turn
verify the information with others...

Note3: As additional backup for the case, that the lawyer can't get
in touch with neither Alice nor Bob, he could have the same archive
file, encrypted with a different passphrase (which he doesn't know).
If he can't talk to Alice or Bob within a reasonable time period
(let's say 3 days), Peter could give him the passphrase and so his
lawyer himself sends out the revokation certificate.

Note4: In case, Peter doesn't even get the one phone call, but
happens to be in a country, where one just "disappeares", having his
secret keys compromised should be the least of his problems...
But even then, chances are, that the word gets out and Alice and Bob
could act upon it.


Please let me know, if you think, that such a scheme could work (or
not work). Also I'd be grateful, if you'd copy replies to my private
e-mail adress as well, for I am currently not subscribed to the CP
list...

Ciao

Harka

/*************************************************************/
/* This user supports FREE SPEECH ONLINE           *         */
/* and PRIVATE ONLINE COMMUNICATIONS!            *   *       */
/*                                             *       *     */
/* E-mail: harka@nycmetro.com                    *   *       */
/*                                                 *         */
/* Finger or E-Mail for PGP public key.          *   *       */
/* Key Size: 2047   /   KeyID: 04174301        *       *     */
/* Fingerprint: FD E4 F8 6D C1 6A 44 F5   http://www.eff.org */
/*              28 9C 40 6E B8 94 78 E8                      */
/*<<<<<<<<<<<<<<<<<<<<<<<<<<<<<>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>*/
/* May there be peace in this world, may all anger dissolve  */
/* and may all living beings find the way to happiness...    */
/*************************************************************/

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAgUBMtsI6zltEBIEF0MBAQHo7wf9GQTU5u72gFVZ0LMr7hhTWSikYVDFvzGF
bGopD01j6bq3g9jYQC3YC0pRGfA+y8Q3qDLRbeJ5qMm3iXZgv7Axu2PVeri7ZE7r
+GWZjfMk9EFGY1t9Jf2Fnm9mSAV0Cgq02vyhns8fLqTH1jcNuinZZ61Hq1+oSDFs
f7/qttsqLZmxeHU+VI/47U0xkuh4NXQk/aZlNUOr9Au9+PhqJwpa7EGYzmCBKTzl
pu4QRyjNnvgIuec2wkwVn8uNevvlc/aQB65uU55+NOQnMINl2V4S3lRim9F7gGH+
DV6NiZxmjxCXbX0y4K+33BX1YIwBgYz5EArM1O1j32lOpThIb03jmA==
=stfG
-----END PGP SIGNATURE-----


If encryption is outlawed, only outlaws will have encryption...