From: wlkngowl@unix.asb.com (Mutatis Mutantdis)
To: Cypherpunks <cypherpunks@toad.com>
Message Hash: 83cdaa79742bc49263c427eddc5f96d2980f3ac411152fc197869f352dab2359
Message ID: <199601070721.CAA03941@UNiX.asb.com>
Reply To: N/A
UTC Datetime: 1996-01-07 16:34:27 UTC
Raw Date: Mon, 8 Jan 1996 00:34:27 +0800
From: wlkngowl@unix.asb.com (Mutatis Mutantdis)
Date: Mon, 8 Jan 1996 00:34:27 +0800
To: Cypherpunks <cypherpunks@toad.com>
Subject: Re: Revoking Old Lost Keys
Message-ID: <199601070721.CAA03941@UNiX.asb.com>
MIME-Version: 1.0
Content-Type: text/plain
On Sat, 6 Jan 1996 09:47:16 -0000, "Frank O'Dwyer" <fod@brd.ie> wrote:
[..]
>The PGP formats do allow for a 'revocation' certificate, but PGP doesn't
>implement it (yet, I guess). In any case, it's not really strong enough,
>since what it says is "I retract all my previous statements that this key is
>related to this user". This'd mean that you'd have to visit everyone who'd ever
>signed your key and get them to issue this retraction. What would be needed
>for this problem is either an "anti-certificate" ("This key does not belong to this
>user"), or else some convention. For example, if two _trusted_ keys are found for the
>same uid, the most recent one could be chosen, and the earlier one be purged
>from keyservers, etc. This may be possible with current PGP. I haven't tried it,
>but since I have some keys which have fallen into disuse, I will need to do so
>sometime.).
Revocation of signatures is a good thing, but beware of
anti-certificates, since one can create a nasty web of affirmations
and denaials that is unresolvable. (Yes, literally from Logic 101
classes about paradoxes....)
Return to January 1996
Return to “wlkngowl@unix.asb.com (Mutatis Mutantdis)”
1996-01-07 (Mon, 8 Jan 1996 00:34:27 +0800) - Re: Revoking Old Lost Keys - wlkngowl@unix.asb.com (Mutatis Mutantdis)