[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: Revoking Old Lost Keys
At 9:47 AM 1/6/96, Frank O'Dwyer wrote:
>On Saturday, January 06, 1996 09:18, Timothy C. May[SMTP:[email protected]] wrote:
>>Basically, you are screwed. Any revocation you attempt will not be trusted,
>>as we will suspect the new "you" to be an attacker, perhaps an agent of the
>>NSA or the Illuminati. In the view that "you are your key," the old you no
>>longer exists.
>
>This is true, but the "old you" can be resurrected if you can get enough
>people to believe your new key using any out-of-band means available
>to you. You can also put a comment in your new key's uid explaining the
Could you explain how "enough people" can get around a basic
feature/limitation of the current PGP web of trust? Who, besides the
originator, can revoke an old key? How many does it take?
If a bunch of the "alleged" friends of Bruce could do this, could they not
revoke the key of someone they simply wish to hassle?
I agree that a new key can be generated, and a new "Please use this key,
not the other one" message sent, and this may work, but I don't believe
this revokes the old key and removes it from the keyservers. I could be
wrong, as I am certainly no expert on the keyservers.
The question is: is there a "majority vote" mode on the keyservers that
causes them to remove a key if enough people claim it is no longer valid?
--Tim May
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May | Crypto Anarchy: encryption, digital money,
[email protected] 408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."