
Re: Revoking Old Lost Keys



On Sat, 6 Jan 1996 09:47:16 -0000, "Frank O'Dwyer" <[email protected]> wrote:

[..]
>The PGP formats do allow for a 'revocation' certificate, but PGP doesn't
>implement it (yet, I guess).  In any case, it's not really strong enough, 
>since what it says is "I retract all my previous statements that this key is 
>related to this user".  This'd mean that you'd have to visit everyone who'd ever 
>signed your key and get them to issue this retraction. What would be needed 
>for this problem is either an "anti-certificate" ("This key does not belong to this 
>user"), or else some convention. For example, if two _trusted_ keys are found for the 
>same uid, the most recent one could be chosen, and the earlier one be purged 
>from keyservers, etc.  This may be possible with current PGP.  I haven't tried it, 
>but since I have some keys which have fallen into disuse, I will need to do so 
>sometime.).

Revocation of signatures is a good thing, but beware of
anti-certificates, since one can create a nasty web of affirmations
and denials that is unresolvable. (Yes, literally from Logic 101
classes about paradoxes....)