[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: PGP Question:

To: [email protected] (Derek Atkins)
Subject: Re: PGP Question:
From: "Istvan Oszaraz von Keszi" <[email protected]>
Date: Thu, 28 Apr 94 17:12:24 MDT
Cc: [email protected]
In-Reply-To: <[email protected]>; from "Derek Atkins" at Apr 28, 94 6:31 pm
Sender: [email protected]

Derek Atkins wrote:

> There are a number or real reasons.  Maybe you got coerced into
> signing they key, or you think that maybe the key was signed
> incorrectly, or maybe that person no longer uses that email address,
> because they lost the account, or that maybe you don't believe that
> the binding of key to userID is valid for any number of reasons.

Uhh, right.  But all a person has to do is issue a key revocation
certificate.  Now if someone CAN'T issue a signed certificate, then
that is a problem.  

And a good problem to have.  Otherwise how would we know that a
revocation is valid?

Then again just create a new key and get the key signed.  You can
carry a key with you from email address to email address.  You 
can edit your own user id, with I believe pgp -ke.  If you do
have to get a "brand new key" cut, you can get your key signed by
someone over the phone, (that is if you trust the phone :-),

But if no one trust you over the phone, your SOL, unless of
course you had someone sign your keys and not just your key, 
in which case there really isn't a big problem.  

A gram of prevention is worth a whole hell of a lot.

Did you say you were at MIT?

Follow-Ups:
- Re: PGP Question:
  - From: Derek Atkins <[email protected]>

References:
- Re: PGP Question:
  - From: Derek Atkins <[email protected]>

Prev by Date: May 4 Crypto Talk...
Next by Date: Re: RSA-129
Prev by thread: Re: PGP Question:
Next by thread: Re: PGP Question:
Index(es):
- Date
- Thread