[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Transitive trust
From: IN%"[email protected]" "Ray Arachelian" 10-MAY-1996 16:37:22.44
>But it is - it's a pain in the ass, but you can always revoke your own
>key and generate a new one, then sign everyone's keys whom you've signed
>as trusted, EXCEPT the one you wish to revoke.
Well... that has the problem that all the signatures on your old key
won't transfer, so far as I know. Now, this may have the good effect of
decreasing the effective reputation of anyone who goofs and needs to revoke
a signature (and of causing people to check more carefully when first
signing)... but it's also a motivation not to check carefully _after_ the
first time (you might need to revoke it). This balance is also present about
other reasons to revoke a key - on the one hand, someone who frequently revokes
keys may not be keeping up with them very well, and thus should not be trusted.
On the other hand, it may be someone who changes them on a regular basis for
security (a reason to keep a master key to sign your key with & vice-versa,
then get signatures on it) or someone who is keeping a sharp eye out for
violations and will revoke a key whenever they suspect a problem.
-Allen