On 18/03/2022 00:07, Colin Percival wrote:

On 3/17/22 08:17, Arthur Chance wrote:

Is it possible to invalidate an existing tarsnap key so it cannot be
used in future. I have a key for a decommissioned machine so it's no
longer needed and hypothetically it could be used for DoS attack (by
creating bogus archives and draining the account funds). Obviously this
is impossible unless the key leaks somehow, but operational paranoia
would suggest invalidating it would be a good idea.

The API for disabling keys is "send Colin an email". ;-)

So API = Application Programmer's Initiative. :-)