From: sico@aps.hacktic.nl (Sico Bruins)
Date: Fri, 29 Apr 94 14:20:07 PDT
To: cypherpunks@toad.com
Subject: PGP Question:
In-Reply-To: <9404282352.AA07123@toxicwaste.media.mit.edu>
Message-ID: <e3f_9404292153@apsf.hacktic.nl>
MIME-Version: 1.0
Content-Type: text/plain



Friday April 29 1994 01:52, Derek Atkins wrote:

 DA> From: Derek Atkins <warlord@MIT.EDU>
 DA> Subject: Re: PGP Question:
 DA> Message-Id: <9404282352.AA07123@toxicwaste.media.mit.edu>
 DA> Date: Thu, 28 Apr 94 19:52:01 EDT

[edited]

 DA> The point is that someone shouldn't NEED to revoke their key if all
 DA> they are doing is changing their email address.

Right, that's the point indeed.

 DA> What if the binding of the userID is a result of a position that you
 DA> hold... For example, I am the owner of a company and I sign people's
 DA> identifiers, saying that they are employees of mine, and possibly what
 DA> their position is.  Now say I fire someone, I want to be able to
 DA> revoke my signature since the binding is no longer valid!  But I
 DA> shouldn't need to force them to generate a new key.

But here I disagree. Should one wish to use PGP to assert something *other*
than that a certain PGP public key really belongs to someone, then write a
message and sign *that*. I'm not sure if I really understand you here, your
phrasing ("people's identifiers") is a bit unclear.

CU,  Sico (sico@aps.hacktic.nl).

[PGP public key:]
bits/keyID   Date       User ID
1024/5142B9 1992/09/09  Sico Bruins <Fido: 2:280/404>
     Key fingerprint =  16 9A E1 12 37 6D FB 09  F6 AD 55 C6 BB 25 AC 25
                        (InterNet: sico@aps.hacktic.nl)