Lying and RIP
Kieran Barry
cs97ktb at brunel.ac.uk
Thu, 16 Mar 2000 00:51:55 +0000 (GMT)
On Wed, 15 Mar 2000, Nicholas Bohm wrote:
> At 05:50 PM 3/15/2000 +0000, Pete.Chown@skygate.co.uk wrote:
> >A slightly different question about RIP... Presumably if you are
> >required to keep the confiscation of your key secret, you are required
> >to lie. If someone asks you if your key has been compromised, you
> >cannot say that it has, and a "no comment" type of response would
> >basically amount to the same thing.
>
> You can revoke your key, which does not disclose what you are forbidden to
> disclose; but if asked why, you must say "I cannot tell you". This
> likewise does not disclose what you are forbidden to disclose, even though
> an intelligent inference might be drawn.
>
> This is why the power to demand the key is useless for future traffic, its
> only legitimate justification.
Is this the case? In an organisation with perfect procedures, rekeying
should be routine (after the bill passes if not before.) However, if an
organisation does not have these procedures in place, or business cases
need to be drawn up, how does one explain why you want this?
It seems to me that this clause will be extremely effective, since I
expect best practice is going to be so rare.
Regards
Kieran