Path: utzoo!attcan!utgpu!news-server.csri.toronto.edu!rutgers!usc!zaphod.mps.ohio-state.edu!van-bc!rsoft!mindlink!a80
From: a80@mindlink.UUCP (Greg Goss)
Newsgroups: comp.org.eff.talk
Subject: Re: Digital Signatures and Public Key Cryptography
Message-ID: <3025@mindlink.UUCP>
Date: 1 Sep 90 14:10:57 GMT
Organization: MIND LINK! - British Columbia, Canada
Lines: 33

> jik@athena.mit.edu writes:
> Org.  : Massachusetts Institute of Technology
> Person: Jonathan I. Kamens
> 
>   As for releasing the private key, that was the original poster's whole
> point -- once the private key is public, the owner of the key can claim that
> he never signed the contract.  Then, all he has to do is register a new key
> and start using that rather than the old one.
> 



Not that simple.  It takes time for announcements to percolate through to
everyone's attention.  During the interval between the protagonist releasing
his private key to the world and the world realizing that this key is now
public knowledge, real personal damage could be done to the protagonist.  There
would be many people who would never really trust the protagonist's key in the
future.  Has he dropped it into the net again?  Was it really an accident the
first time?  If this guy can't look after a simple key, how much can I trust
him with any of MY secrets?


I think that this tactic would do significant damage to the protagonist's
reputation, and agree with the person doing the criticism that it would only be
a severe-emergency tactic when he's trapped into a very tight corner and needs
a panic escape.

He said nothing about public keys.  You tell him that he doesn't understand,
and go on about how public keys are intended to be released.  We know that.  I
still agree with him that releasing a private key to degrade the validity of a
bad contract (or whatever) is only a severe last-gasp desperation move.

.../greg