[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: PGP Question:



> Uhh, right.  But all a person has to do is issue a key revocation
> certificate.  Now if someone CAN'T issue a signed certificate, then
> that is a problem.  

The point is that someone shouldn't NEED to revoke their key if all
they are doing is changing their email address.

What if the binding of the userID is a result of a position that you
hold... For example, I am the owner of a company and I sign people's
identifiers, saying that they are employees of mine, and possibly what
their position is.  Now say I fire someone, I want to be able to
revoke my signature since the binding is no longer valid!  But I
shouldn't need to force them to generate a new key.

> Did you say you were at MIT?  

This is a joke, right?

-derek

         Derek Atkins, SB '93 MIT EE, G MIT Media Laboratory
       Member, MIT Student Information Processing Board (SIPB)
    Home page: http://www.mit.edu:8001/people/warlord/home_page.html
       [email protected]    PP-ASEL     N1NWH    PGP key available