1994-04-28 - Re: PGP Question:

Header Data

From: “Istvan Oszaraz von Keszi” <vkisosza@acs.ucalgary.ca>
To: warlord@MIT.EDU (Derek Atkins)
Message Hash: 5da605f2be8a27cf817d785e58d448ab83245a7d7c876352c142a595fd16af69
Message ID: <9404282217.AA58112@acs5.acs.ucalgary.ca>
Reply To: <9404282133.AA05939@toxicwaste.media.mit.edu>
UTC Datetime: 1994-04-28 22:14:52 UTC
Raw Date: Thu, 28 Apr 94 15:14:52 PDT

Raw message

From: "Istvan Oszaraz von Keszi" <vkisosza@acs.ucalgary.ca>
Date: Thu, 28 Apr 94 15:14:52 PDT
To: warlord@MIT.EDU (Derek Atkins)
Subject: Re: PGP Question:
In-Reply-To: <9404282133.AA05939@toxicwaste.media.mit.edu>
Message-ID: <9404282217.AA58112@acs5.acs.ucalgary.ca>
MIME-Version: 1.0
Content-Type: text/plain

Derek Atkins wrote:

> What should be available (although it is not implemented) is a userID
> revocation, where you can basically send out a messages that will
> remove userIDs from a key.  Then again, signature revocations should
> be implemented as well...

Sorry Derek, you lost me on this one.  Why should there be
signature revocations?  When you sign a key, all you are vouching
for is the integrity of the key, and not the integrity of the
key issuer.  At least that was my understanding.  When would a 
signature revocation be necessary?  The only time I can think of
a use for this, is if someone has signed a key indiscriminately,
in which case you shouldn't be trusting the validity of any of 
the signatory's signatures, since their signatures are

If I'm erring in some way, could someone please clairfy?