On 11/18/20 4:23 PM, Stephen Farrell wrote:
Hiya,
On 18/11/2020 22:56, Michael Thomas wrote:
Given that the internet is forever on
so many other levels, publishing private keys seems too little, too late.
I think your conclusion there is a thing where reasonable
people can disagree as to possible outcomes.
I don't think it's too late if there is some sufficient new
benefit accruing to a private key publisher. And that may be
the case as already discussed.
I don't think it's too little either - since everything else
in a leaked mail or message store is freely malleable, access
to the relevant private key is arguably not too little.
There's still plenty of possibility for this not getting
used, but I think it worth a bit of effort to try find
that out. (And, I admit, part of me likes the idea of
publishing private keys for virtuous reasons:-)
Obviously I'm not vehemently against this -- people can do whatever they
like with their private keys -- but it seems in order to do this
properly it's a tiny bit protocol specification and a lot of bit of BCP
describing the problem space of who, when, and why somebody would do this.
Mike
