Re: Revoking Old Lost Keys
On Sat, 6 Jan 1996 09:47:16 -0000, "Frank O'Dwyer" <[email protected]> wrote:
[..]
>The PGP formats do allow for a 'revocation' certificate, but PGP doesn't
>implement it (yet, I guess). In any case, it's not really strong enough,
>since what it says is "I retract all my previous statements that this key is
>related to this user". This'd mean that you'd have to visit everyone who'd ever
>signed your key and get them to issue this retraction. What would be needed
>for this problem is either an "anti-certificate" ("This key does not belong to this
>user"), or else some convention. For example, if two _trusted_ keys are found for the
>same uid, the most recent one could be chosen, and the earlier one be purged
>from keyservers, etc. This may be possible with current PGP. I haven't tried it,
>but since I have some keys which have fallen into disuse, I will need to do so
>sometime.
Revocation of signatures is a good thing, but beware of
anti-certificates, since one can create a nasty web of affirmations
and denials that is unresolvable. (Yes, literally from Logic 101
classes about paradoxes....)
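
An added illustration of the unresolvable web described above (not part of the original message, and not PGP's trust model): the validity rule, the key names and the sample webs are all assumptions made for this example. It brute-forces every validity assignment and keeps the ones that satisfy the rule.

```python
from itertools import product

def consistent_assignments(keys, roots, affirm, deny):
    """Return every validity assignment that satisfies the assumed rule.

    Assumed rule (hypothetical, not PGP's): a root key is always valid; any
    other key is valid iff at least one valid key affirms it and no valid
    key denies it. affirm/deny are lists of (signer, subject) pairs.
    """
    others = [k for k in keys if k not in roots]
    found = []
    for bits in product([True, False], repeat=len(others)):
        valid = {r: True for r in roots}
        valid.update(zip(others, bits))
        ok = all(
            valid[k] == (
                any(valid[s] for s, t in affirm if t == k)
                and not any(valid[s] for s, t in deny if t == k)
            )
            for k in others
        )
        if ok:
            found.append(valid)
    return found

# Constructed sample webs: "root" is trusted axiomatically.
KEYS = ["root", "alice", "bob"]
ROOTS = {"root"}
CHAIN = [("root", "alice"), ("alice", "bob")]

# Affirmations only: exactly one consistent answer.
RESOLVABLE = consistent_assignments(KEYS, ROOTS, CHAIN, deny=[])

# alice affirms bob, bob denies alice: alice is valid iff she is not valid.
PARADOX = consistent_assignments(KEYS, ROOTS, CHAIN, deny=[("bob", "alice")])

# root affirms both, each denies the other: two answers, nothing to pick one.
AMBIGUOUS = consistent_assignments(
    KEYS, ROOTS, [("root", "alice"), ("root", "bob")],
    deny=[("alice", "bob"), ("bob", "alice")],
)

if __name__ == "__main__":
    for name, result in [("affirm only", RESOLVABLE),
                         ("affirm + deny cycle", PARADOX),
                         ("mutual denial", AMBIGUOUS)]:
        print(f"{name}: {len(result)} consistent assignment(s)")
```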