From: “Michael C. Peponis” <mianigand@unique.outlook.net>
To: cypherpunks@toad.com
Message Hash: 1517288c73e24359931c54850b019dfb9b7ec006929f29dbec4be11debabd5b3
Message ID: <199601060759.BAA03401@unique.outlook.net>
Reply To: N/A
UTC Datetime: 1996-01-06 14:40:55 UTC
Raw Date: Sat, 6 Jan 1996 22:40:55 +0800
From: "Michael C. Peponis" <mianigand@unique.outlook.net>
Date: Sat, 6 Jan 1996 22:40:55 +0800
To: cypherpunks@toad.com
Subject: Re: Revoking Old Lost Keys
Message-ID: <199601060759.BAA03401@unique.outlook.net>
MIME-Version: 1.0
Content-Type: text/plain
-----BEGIN PGP SIGNED MESSAGE-----
On 5 Jan 96 , Bruce Baugh wrote:
> I'd like to bring up a problem I haven't seen addressed much yet, and which
> I think is going to come up with increasing frequency as PGP use spreads.
>
> The problem is this: how can one spread the word that an old key is no
> longer to be used when one no longer has the pass phrase, and cannot
> therefore create a revocation certificate?
It's an administrative nightmare. I assume that you mean if the key
is widley distributed. If it's only circulating among a small group
of people that know each other, no problem.
If it's widley distributed, or on a keyserver, that becomes hard.
First you would have to be authenticated as the origional key owner,
ie how do I realy know that you are you, and not somebody saying you
are the orgional key owner?
Another problem, let's say I get your public key from Bob, who signed
your key, and Bob knows you have revoked your key, but I don't, so
what happens to my copy of your key?
Since there is no revokation certificate, I am forced to take Bob's
word that you have indeed want to revoke your key, but have no way of
verifying that without talking to you, and agin I have to go through
the same verification process that Bob did.
Good topic.
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i
iQCVAwUBMO2+BkUffSIjnthhAQFPuQP7BOBJTkqInT4nIAQ7ity4/AutSn9QusFx
FdG6iPQVG11fp2BbGtDeQMSgaFUDxXm99Oim/VINGWDmbMWhcWTAXDPpYrd2+bjH
Q9/SNs+5akQc+bbojqIjDoXas/5LL4VvbrEeSOvklpKg+GrCleJYqN+Mh2aY35ZL
04GLVJJLzSo=
=Xr5x
-----END PGP SIGNATURE-----
Regards,
Michael Peponis
PGP Key Avalible form MIT Key Server
Key fingerprint = DD 39 66 3D AE DE 71 C2 B6 DA B2 3F 47 2A EB AC
Return to January 1996
Return to ““Michael C. Peponis” <mianigand@unique.outlook.net>”
1996-01-06 (Sat, 6 Jan 1996 22:40:55 +0800) - Re: Revoking Old Lost Keys - “Michael C. Peponis” <mianigand@unique.outlook.net>