Y
Hacker News
new
|
ask
|
show
|
jobs
by
securesaml
150 days ago
it is less of a problem for revoking attacker's keys (but maybe it has access to victim's contents?).
agreed it shouldn't be used to revoke non-malicious/your own keys
1 comments
nebezb
150 days ago
The poster you originally replied to is suggesting this for revoking the attackers keys. Not for revocation of their own keys…
link
securesaml
150 days ago
there's still some risk of publishing an attacker's key. For example, what if the attacker's key had access to sensitive user data?
link
throwawaysleep
150 days ago
All the more reason to nuke the key ASAP, no?
link