1996-05-11 - Re: Transitive trust

Header Data

From: “E. ALLEN SMITH” <EALLENSMITH@ocelot.Rutgers.EDU>
To: sunder@dorsai.dorsai.org
Message Hash: 10b6be5c9ab5360fd3b3239b65a17fcdd357d63e7ebcb011ff17dada762c1a6c
Message ID: <01I4JT3ZWQSI8Y5C3E@mbcl.rutgers.edu>
Reply To: N/A
UTC Datetime: 1996-05-11 05:46:55 UTC
Raw Date: Sat, 11 May 1996 13:46:55 +0800

Raw message

From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Sat, 11 May 1996 13:46:55 +0800
To: sunder@dorsai.dorsai.org
Subject: Re: Transitive trust
Message-ID: <01I4JT3ZWQSI8Y5C3E@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"sunder@dorsai.dorsai.org"  "Ray Arachelian" 10-MAY-1996 16:37:22.44

>But it is - it's a pain in the ass, but you can always revoke your own 
>key and generate a new one, then sign everyone's keys whom you've signed 
>as trusted, EXCEPT the one you wish to revoke.
 
	Well... that has the problem that all the signatures on your old key
won't transfer, so far as I know. Now, this may have the good effect of
decreasing the effective reputation of anyone who goofs and needs to revoke
a signature (and of causing people to check more carefully when first
signing)... but it's also a motivation not to check carefully _after_ the
first time (you might need to revoke it). This balance is also present about
other reasons to revoke a key - on the one hand, someone who frequently revokes
keys may not be keeping up with them very well, and thus should not be trusted.
On the other hand, it may be someone who changes them on a regular basis for
security (a reason to keep a master key to sign your key with & vice-versa,
then get signatures on it) or someone who is keeping a sharp eye out for
violations and will revoke a key whenever they suspect a problem.
	-Allen





Thread