undefined | Better HN

0 pointsjychang2mo ago0 comments

You're revoking the attacker's key (that they're using to upload the docs to their own account), this is probably the best option available.

Obviously you have better methods to revoke your own keys.

0 comments

it is less of a problem for revoking attacker's keys (but maybe it has access to victim's contents?).

agreed it shouldn't be used to revoke non-malicious/your own keys

nebezb2mo ago

The poster you originally replied to is suggesting this for revoking the attackers keys. Not for revocation of their own keys…

there's still some risk of publishing an attacker's key. For example, what if the attacker's key had access to sensitive user data?

j / k navigate · click thread line to collapse