W3C home > Mailing lists > Public > public-xg-webid@w3.org > April 2011

Re: losing private key, means losing access to resources, surely.

From: Kingsley Idehen <kidehen@openlinksw.com>
Date: Wed, 13 Apr 2011 16:23:30 -0400
Message-ID: <4DA60642.4000908@openlinksw.com>
To: peter williams <home_pw@msn.com>
CC: 'WebID XG' <public-xg-webid@w3.org>
On 4/13/11 3:54 PM, Kingsley Idehen wrote:
> Re. ODS, you would do the following once you know your private key has 
> been compromised. For instance, you laptop is stolen. Even worse, your 
> USB key store is stolen.
> Steps:
> 1. Login to ODS using Digest Authentication using standard username 
> and pwd interaction pattern
> 2. Remove all Public Keys (via "Security" tab UI)
> 3. If in possession of a new USB key store or personal computer, 
> generate new certificates
> 4. Done, until next compromise of this magnitude.

Note, just for 100% clarity sake, #3 is about new certificate and 
associated private key generation. Then depending on the browser you use 
the cert. and associated key will be persisted to browser, OS store, or 
USB key store etc..



Kingsley Idehen	
President&  CEO
OpenLink Software
Web: http://www.openlinksw.com
Weblog: http://www.openlinksw.com/blog/~kidehen
Twitter/Identi.ca: kidehen
Received on Wednesday, 13 April 2011 20:23:53 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 19:39:44 UTC