[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: PGP Question:
Derek Atkins wrote:
> What should be available (although it is not implemented) is a userID
> revocation, where you can basically send out a messages that will
> remove userIDs from a key. Then again, signature revocations should
> be implemented as well...
Sorry Derek, you lost me on this one. Why should there be
signature revocations? When you sign a key, all you are vouching
for is the integrity of the key, and not the integrity of the
key issuer. At least that was my understanding. When would a
signature revocation be necessary? The only time I can think of
a use for this, is if someone has signed a key indiscriminately,
in which case you shouldn't be trusting the validity of any of
the signatory's signatures, since their signatures are
untrustworthy.
If I'm erring in some way, could someone please clairfy?
>