1996-01-06 - Re: Revoking Old Lost Keys

Header Data

From: Alan Olsen <alano@teleport.com>
To: cypherpunks@toad.com
Message Hash: 6401fb150189eb1012e1de6e9876b830f237e77b96936fd80418d431b25c3d7d
Message ID: <2.2.32.19960106092022.009408f0@mail.teleport.com>
Reply To: N/A
UTC Datetime: 1996-01-06 09:32:59 UTC
Raw Date: Sat, 6 Jan 1996 17:32:59 +0800

Raw message

From: Alan Olsen <alano@teleport.com>
Date: Sat, 6 Jan 1996 17:32:59 +0800
To: cypherpunks@toad.com
Subject: Re: Revoking Old Lost Keys
Message-ID: <2.2.32.19960106092022.009408f0@mail.teleport.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

At 03:10 AM 1/6/96 +0000, Michael C. Peponis wrote:

>On  5 Jan 96 , Bruce Baugh wrote:

>Another problem, let's say I get your public key from Bob, who signed 
>your key, and Bob knows you have revoked your key, but I don't, so 
>what happens to my copy of your key? 
>
>Since there is no revokation certificate, I am forced to take Bob's 
>word that you have indeed want to revoke your key, but have no way of 
>verifying that without talking to you, and agin I have to go through 
>the same verification process that Bob did.

I know Bruce and his problem is quite real.  I happened to have the three keys
that he is wanting to revoke in my keyring.  (And one of them he had forgotten
he had made at all.)  It would be nice if there was a way to use the "web of
trust" to certify a key revokation in the same way that one signs a key.
Basically get a couple of your friends who are accepted in the crypto community
and have them vouch for the actual loss of the key(s).  It would certainly help
patch the problem.  (It might open up things for spoofing anyways.  There would
have to be a way of overriding such a thing with the real key, but that would
require the passphrase.  (Which should be available if not lost.)) An idea at
least...



-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMO495OQCP3v30CeZAQHObQf/VtMoPzpBqx9wU2rsrHkMc5K4LF2PbZdj
QboPyoR0c56zIGPiDDoRed4aiy8ylBlPjEGdSeLjoVysbY+yfWz1GDzsrmsdNw9G
tAE7DxX88kk9ym4ixy+3CIsFqKrHn1CBh64DAsoJzXRLgwEhPENLmqf0VXgRkYnI
Dd7UE3fF15sMEEVdGYXBqEy7r3e83R9dW7ap/z8wy/sM5U8pzo0SwRrqEFVNe2/g
8rYDF8uFgDjbCrU60UVqFq3ipRbGDBGMI9xSLqpSkBHuSOk0si3sNqvSM09WuWFE
LjkrVWPvZNaw1DbuQT7v2FTXNrNnfBsVH9MicM2fednOV0Fe7ZIoZg==
=sT8b
-----END PGP SIGNATURE-----
Alan Olsen -- alano@teleport.com -- Contract Web Design & Instruction
        `finger -l alano@teleport.com` for PGP 2.6.2 key 
              http://www.teleport.com/~alano/ 
"Governments are potholes on the Information Superhighway." - Not TCMay






Thread