1996-05-11 - Re: Transitive trust

Header Data

From: Steve Reid <root@edmweb.com>
To: Ray Arachelian <sunder@dorsai.dorsai.org>
Message Hash: 51c4fb9fd07c710fe9c28b6e1ad45f6da2f31385214b75cbafee73aa2b6e72ba
Message ID: <Pine.BSF.3.91.960510123153.165C-100000@bitbucket.edmweb.com>
Reply To: <Pine.SUN.3.91.960509213411.632B-100000@dorsai>
UTC Datetime: 1996-05-11 04:45:09 UTC
Raw Date: Sat, 11 May 1996 12:45:09 +0800

Raw message

From: Steve Reid <root@edmweb.com>
Date: Sat, 11 May 1996 12:45:09 +0800
To: Ray Arachelian <sunder@dorsai.dorsai.org>
Subject: Re: Transitive trust
In-Reply-To: <Pine.SUN.3.91.960509213411.632B-100000@dorsai>
Message-ID: <Pine.BSF.3.91.960510123153.165C-100000@bitbucket.edmweb.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

> > affected. Clearly, it should be possible to remove your signature from 
> > someone's key.

> But it is - it's a pain in the ass, but you can always revoke your own 
> key and generate a new one, then sign everyone's keys whom you've signed 
> as trusted, EXCEPT the one you wish to revoke.

PITA, indeed... Not only do you have to re-sign everyone's keys, you also
have to have your key re-signed. When simply changing keys (eg. for a
larger keysize) it's usually sufficent to sign your new key with your old
one, but if you're revoking your old key, the signature won't really mean
anything. I suppose you could sign a message with your old key, saying
"I'm switching keys, here is my new key, please sign it.", and after you
have some signatures on the new key, revoke the old key.
 
> > What it all comes down to is reputation. Protect your reputation, and 
> > you could make a living on your reputation alone.

> Ah, but first you have to build yourself a reputation before you can live
> off it alone.  :) That includes doing cool things other than building
> reputations by signing keys.

I agree, but in the context of key signing, your key signing reputation is
all that really matters. I would accept a key signed by Bozo the Clown, if
Bozo did the proper research into the keys he signs and has never signed a
bogus key. Of course, being well-known for other reasons would help people
to remember your name. :)

======================================================================
| Steve Reid - SysAdmin & Pres, EDM Web (http://www.edmweb.com/)     |
| Email: steve@edmweb.com   Home Page: http://www.edmweb.com/steve/  |
| PGP (2048/9F317269) Fingerprint: 11C89D1CD67287E6 8C09EC52443F8830 |
|                -- Disclaimer: JMHO, YMMV, IANAL. --                |
====================================================================:)

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: noconv

iQEVAwUBMZLVpdtVWdufMXJpAQHrsgf/d2SiWQ1rDdduGlQc0zUPGIa05E4RTTZ5
ixX3h5bMU6ZARtJByRLsg0pof8quWA9AaE3FDgMPrN/5nejvKEMwY6OE6XpPGOxw
YbQD5+DRYNiQ7jAxIkF3eASbta9E2VbuKdEDAi6fMUS6gGQSlLeRnMT6Vn+YWQHX
Nbc9yIgx086+w0T8vED9AhKL0DK8sQdKNYV6OXnhw8O0WmADMxj5tox7W3i/9ygP
GdouA9iEKt1i00z0s/fQnxxGf45SYKD7pwGEGnQ9zXkQ34NVCo2f0Ge0F7aAkK/2
OZlAVQYLTs82Skmt+dU3wr2vsfmI+qPukakoyk1JoDP2OkZ+oqY89Q==
=74c6
-----END PGP SIGNATURE-----





Thread