1996-01-07 - Re: Revoking Old Lost Keys

Header Data

From: wlkngowl@unix.asb.com (Mutatis Mutantdis)
To: Cypherpunks <cypherpunks@toad.com>
Message Hash: 83cdaa79742bc49263c427eddc5f96d2980f3ac411152fc197869f352dab2359
Message ID: <199601070721.CAA03941@UNiX.asb.com>
Reply To: N/A
UTC Datetime: 1996-01-07 16:34:27 UTC
Raw Date: Mon, 8 Jan 1996 00:34:27 +0800

Raw message

From: wlkngowl@unix.asb.com (Mutatis Mutantdis)
Date: Mon, 8 Jan 1996 00:34:27 +0800
To: Cypherpunks <cypherpunks@toad.com>
Subject: Re: Revoking Old Lost Keys
Message-ID: <199601070721.CAA03941@UNiX.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 6 Jan 1996 09:47:16 -0000, "Frank O'Dwyer" <fod@brd.ie> wrote:

[..]
>The PGP formats do allow for a 'revocation' certificate, but PGP doesn't
>implement it (yet, I guess).  In any case, it's not really strong enough, 
>since what it says is "I retract all my previous statements that this key is 
>related to this user".  This'd mean that you'd have to visit everyone who'd ever 
>signed your key and get them to issue this retraction. What would be needed 
>for this problem is either an "anti-certificate" ("This key does not belong to this 
>user"), or else some convention. For example, if two _trusted_ keys are found for the 
>same uid, the most recent one could be chosen, and the earlier one be purged 
>from keyservers, etc.  This may be possible with current PGP.  I haven't tried it, 
>but since I have some keys which have fallen into disuse, I will need to do so 
>sometime.).

Revocation of signatures is a good thing, but beware of
anti-certificates, since one can create a nasty web of affirmations
and denials that is unresolvable. (Yes, literally from Logic 101
classes about paradoxes....)







