RE: Revoking Old Lost Keys



At 9:47 AM 1/6/96, Frank O'Dwyer wrote:
>On Saturday, January 06, 1996 09:18, Timothy C. May[SMTP:[email protected]] wrote:

>>Basically, you are screwed. Any revocation you attempt will not be trusted,
>>as we will suspect the new "you" to be an attacker, perhaps an agent of the
>>NSA or the Illuminati. In the view that "you are your key," the old you no
>>longer exists.
>
>This is true, but the "old you" can be resurrected if you can get enough
>people to believe your new key using any out-of-band means available
>to you.  You can also put a comment in your new key's uid explaining the

Could you explain how "enough people" can get around a basic
feature/limitation of the current PGP web of trust? Who, besides the
originator, can revoke an old key? How many does it take?

If a bunch of the "alleged" friends of Bruce could do this, could they not
revoke the key of someone they simply wish to hassle?

I agree that a new key can be generated, and a new "Please use this key,
not the other one" message sent, and this may work, but I don't believe
this revokes the old key and removes it from the keyservers. I could be
wrong, as I am certainly no expert on the keyservers.

The question is: is there a "majority vote" mode on the keyservers that
causes them to remove a key if enough people claim it is no longer valid?

--Tim May




We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
[email protected]  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."