|
|
|
|
|
|
by racbart
4626 days ago
|
|
|
What happens when your private key is compromised? Someone is able to read all your messages and send messages impersonating you and you can't stop that, as the address is a hash of the public key which derives from the private key. You can't change keys like you could change your password in a traditional email. You'd need to start using a new address but you can't expect the whole world stop using your old address overnight (if at all). This looks terrible. GPG solves this problem by not having keys and addresses bound mathematically and relying on web of trust to match keys to addresses. You can always revoke compromised keys and start using new ones. You can't do that if the address is mathematically derived from the private key. Our email addresses are our identities these days. Any system that aims to replace email needs to provide some safe recovery in case the keys/passwords are compromised. It's just too risky to have unchangeable password/key for your identity. |
|
|