Re: Transitive trust

[Ray Arachelian <sunder@dorsai.dorsai.org>]

On Wed, 8 May 1996, Steve Reid wrote:

> When you sign a key, you are placing your reputation on the line, so you 
> must be certain that the level of trust you're placing is appropriate. 
> But what happens when someone goes rogue and ignores credentials, and 
> signs keys of anyone who is willing to pay the price? You would regret 
> signing the rogue person's key. So, IT SHOULD BE POSSIBLE TO REVOKE 
> TRUST, in order to protect your own reputation.

> PGP currently only allows a person to revoke their own key. Most people 
> would revoke their key if it were stolen, to protect their own 
> reputation. However, some people may be unwilling or unable to revoke 
> their own key, and if you signed that key, your reputation may be 
> affected. Clearly, it should be possible to remove your signature from 
> someone's key.


But it is - it's a pain in the ass, but you can always revoke your own 
key and generate a new one, then sign everyone's keys whom you've signed 
as trusted, EXCEPT the one you wish to revoke.
 
> What it all comes down to is reputation. Protect your reputation, and 
> you could make a living on your reputation alone.

Ah, but first you have to build yourself a reputation before you can live
off it alone.  :) That includes doing cool things other than building
reputations by signing keys.


==========================================================================
 + ^ + |  Ray Arachelian |FH|       KAOS KERAUNOS KYBERNETOS      |==/|\==
  \|/  |sunder@dorsai.org|UE|__Nothing_is_true,_all_is_permitted!_|=/\|/\=
<--+-->| --------------- |CC|What part of 'Congress shall make no |=\/|\/=
  /|\  |    Just Say     |KD|law abridging the freedom of speech' |==\|/==
 + v + | "No" to the NSA!|TA|        do you not understand?       |=======   
===================http://www.dorsai.org/~sunder/=========================
Obscenity laws are the crutches of inarticulate motherfuckers-Fuck the CDA