Let's say it's the future, and everyone has at least one public key and is a full participant in a global web of trust. Wonderful, until EvilWorm9000 hijacks your mail client and starts spamming everyone within 4 degrees of separation. How does the ideal network respond? In this post I provide a possible approach (temporary key tainting), but the main goal here is to stimulate a conversation.
There are two types of attack here: confused deputy, and leakage of the private key. I'll address them separately.
Leakage of private key
This is the simpler case, so I'll address it first. If the malware sends your private key to Nigeria, you're hosed. Better distribute that revocation certificate pronto. You might not have noticed yet, or perhaps you are otherwise incapable of revoking that key, so there had better be a way for other people to initiate this process. Perhaps there is a mechanism in place by which you have sent your friends the revocation certificate in such a way that only a quorum of them can decrypt it to broadcast. If your friends acted fast enough, they could revoke the key on your behalf before too much damage was done.
But perhaps the key isn't stolen after all. It could be a matter of a...
If the malware has, for instance, injected itself into your email client, then it does not have direct access to your private key but can nevertheless send email signed as you (and read mail encrypted to you). The mail program is deputized to use your key on your behalf, so this is more or less an instance of the confused deputy problem. Under these circumstances, key revocation is overkill. (You'd need to abandon the old key even though it had not been compromised.) Maybe all you need is a way to temporarily prevent your key from being trusted.
I'm imagining a "tainting" system whereby (again) a quorum of friends would be entrusted with the ability to issue a message marking your public key as possibly compromised. Anyone receiving this message would treat the key as revoked: no encrypting to the key, no trusting new signatures from it. Without further action, this taint would hold indefinitely. Once you'd cleaned up your system, you could ask your friends to sign an untainting message that repeals the original. Any signatures generated during the tainted period would still be regarded as untrusted, but new signatures would be handled normally.
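The receiving side of that tainting scheme, as an added example that is not part of the original post: a verifier keeps a per-key quorum policy and a list of taint windows, accepts a taint or untaint message only when enough friends have signed it, and answers the two questions a recipient asks (may I encrypt to this key now, and was this signature made inside a taint window). Friends' signatures are simulated with HMAC-SHA256 over shared secrets as a stdlib stand-in for the public-key signatures a real web of trust would use; the key id, friend names, timestamps and class names are all constructed.

```python
"""Temporary key tainting: the verifier's side of the quorum-of-friends scheme.

Added example (not from the post). Friends' signatures are simulated with HMAC-SHA256 over
shared secrets; in a real web of trust they would be public-key signatures checked against
the friends' own certified keys. Names ("alice-key", bob, carol, dave) are constructed.
"""
from __future__ import annotations

import hashlib
import hmac
from dataclasses import dataclass, field


@dataclass
class Friend:
    name: str
    secret: bytes

    def sign(self, payload: bytes) -> bytes:
        return hmac.new(self.secret, payload, hashlib.sha256).digest()


def canonical(key_id: str, action: str, ts: int) -> bytes:
    """What each friend signs: the target key, the action and the issue time."""
    return f"{key_id}|{action}|{ts}".encode()


@dataclass
class TaintMessage:
    key_id: str
    action: str                                           # "taint" or "untaint"
    ts: int                                               # issue time (constructed scale)
    sigs: dict[str, bytes] = field(default_factory=dict)  # friend name -> signature


def issue(key_id: str, action: str, ts: int, signers: list[Friend]) -> TaintMessage:
    payload = canonical(key_id, action, ts)
    return TaintMessage(key_id, action, ts, {f.name: f.sign(payload) for f in signers})


@dataclass
class QuorumPolicy:
    friends: dict[str, Friend]   # verifier's copy of the friends' verification material
    threshold: int               # how many distinct friends must co-sign


class TrustLedger:
    """Tracks taint windows per key and answers the two questions recipients ask."""

    def __init__(self) -> None:
        self.policies: dict[str, QuorumPolicy] = {}
        self.windows: dict[str, list[list]] = {}   # key_id -> [[start, end_or_None], ...]

    def register(self, key_id: str, policy: QuorumPolicy) -> None:
        self.policies[key_id] = policy

    def _valid_signatures(self, msg: TaintMessage) -> int:
        policy = self.policies[msg.key_id]
        payload = canonical(msg.key_id, msg.action, msg.ts)
        count = 0
        for name, sig in msg.sigs.items():
            friend = policy.friends.get(name)   # unknown signers simply do not count
            if friend is not None and hmac.compare_digest(friend.sign(payload), sig):
                count += 1
        return count

    def apply(self, msg: TaintMessage) -> bool:
        """Apply a message; False (and no state change) if unknown key, below quorum, or redundant."""
        policy = self.policies.get(msg.key_id)
        if policy is None or self._valid_signatures(msg) < policy.threshold:
            return False
        windows = self.windows.setdefault(msg.key_id, [])
        open_window = windows[-1] if windows and windows[-1][1] is None else None
        if msg.action == "taint" and open_window is None:
            windows.append([msg.ts, None])      # taint holds until repealed
            return True
        if msg.action == "untaint" and open_window is not None:
            open_window[1] = msg.ts             # repeal closes the window but keeps its record
            return True
        return False

    def signature_trusted(self, key_id: str, signed_at: int) -> bool:
        """Untrusted if made inside any taint window, including one that was later repealed."""
        for start, end in self.windows.get(key_id, []):
            if start <= signed_at and (end is None or signed_at < end):
                return False
        return True

    def may_encrypt_to(self, key_id: str, now: int) -> bool:
        """No encrypting to a key while a taint window is open."""
        return self.signature_trusted(key_id, now)


def demo() -> TrustLedger:
    bob, carol, dave = (Friend(n, f"{n}-secret".encode()) for n in ("bob", "carol", "dave"))
    ledger = TrustLedger()
    ledger.register("alice-key", QuorumPolicy({f.name: f for f in (bob, carol, dave)}, threshold=2))
    ledger.apply(issue("alice-key", "taint", 100, [bob]))            # one friend: below quorum, ignored
    ledger.apply(issue("alice-key", "taint", 110, [bob, carol]))     # quorum met: window opens at 110
    ledger.apply(issue("alice-key", "untaint", 200, [carol, dave]))  # cleanup done: window closes at 200
    return ledger


if __name__ == "__main__":
    ledger = demo()
    for t in (50, 150, 250):
        print(t, "trusted" if ledger.signature_trusted("alice-key", t) else "untrusted")
```

Two design points follow directly from the post's description. The untaint message does not delete the window, only closes it, so a signature dated inside the window stays untrusted after the repeal, which is what prevents a worm from post-dating its spam into a trusted period. And the threshold is counted over distinct registered friends, so neither an outsider nor one friend signing several times can reach quorum alone. Ordering and replay of messages (an old taint re-sent after an untaint) are not handled here and would need a sequence number or the post's n-degree locality rules.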
I'll leave you with a few questions:
- Is it important for there to be a way for the focal individual to untaint a key themselves in the case of shenanigans/rampant malware/social drama?
- Should tainting be a global property or n-degrees local to the focal key?
- If used, should tainting be an integral part of any web of trust mechanism, or is it meaningful to build it as an overlay? (I think the former, since the latter relies on bug-prone opt-in programming.)
- Should a taint automatically become permanent if not repealed within some duration of time?