1994-04-28 - Re: PGP Question:

Header Data

From: “Istvan Oszaraz von Keszi” <vkisosza@acs.ucalgary.ca>
To: warlord@MIT.EDU (Derek Atkins)
Message Hash: af1a4cd59967de9b82c8ab1ed688a36d97a6c26b988e4cd6b00c4717b286f98c
Message ID: <9404282312.AA33925@acs5.acs.ucalgary.ca>
Reply To: <9404282231.AA06681@toxicwaste.media.mit.edu>
UTC Datetime: 1994-04-28 23:09:54 UTC
Raw Date: Thu, 28 Apr 94 16:09:54 PDT

Raw message

From: "Istvan Oszaraz von Keszi" <vkisosza@acs.ucalgary.ca>
Date: Thu, 28 Apr 94 16:09:54 PDT
To: warlord@MIT.EDU (Derek Atkins)
Subject: Re: PGP Question:
In-Reply-To: <9404282231.AA06681@toxicwaste.media.mit.edu>
Message-ID: <9404282312.AA33925@acs5.acs.ucalgary.ca>
MIME-Version: 1.0
Content-Type: text/plain

Derek Atkins wrote:

> There are a number or real reasons.  Maybe you got coerced into
> signing they key, or you think that maybe the key was signed
> incorrectly, or maybe that person no longer uses that email address,
> because they lost the account, or that maybe you don't believe that
> the binding of key to userID is valid for any number of reasons.

Uhh, right.  But all a person has to do is issue a key revocation
certificate.  Now if someone CAN'T issue a signed certificate, then
that is a problem.  

And a good problem to have.  Otherwise how would we know that a
revocation is valid?

Then again just create a new key and get the key signed.  You can
carry a key with you from email address to email address.  You 
can edit your own user id, with I believe pgp -ke.  If you do
have to get a "brand new key" cut, you can get your key signed by
someone over the phone, (that is if you trust the phone :-),

But if no one trust you over the phone, your SOL, unless of
course you had someone sign your keys and not just your key, 
in which case there really isn't a big problem.  

A gram of prevention is worth a whole hell of a lot.

Did you say you were at MIT?