On Wed, 8 May 1996, Steve Reid wrote:
> When you sign a key, you are placing your reputation on the line, so you must be certain that the level of trust you're placing is appropriate. But what happens when someone goes rogue and ignores credentials, and signs keys of anyone who is willing to pay the price? You would regret signing the rogue person's key. So, IT SHOULD BE POSSIBLE TO REVOKE TRUST, in order to protect your own reputation.
> PGP currently only allows a person to revoke their own key. Most people would revoke their key if it were stolen, to protect their own reputation. However, some people may be unwilling or unable to revoke their own key, and if you signed that key, your reputation may be affected. Clearly, it should be possible to remove your signature from someone's key.
But it is - it's a pain in the ass, but you can always revoke your own key and generate a new one, then sign everyone's keys whom you've signed as trusted, EXCEPT the one you wish to revoke.
> What it all comes down to is reputation. Protect your reputation, and you could make a living on your reputation alone.
Ah, but first you have to build yourself a reputation before you can live off it alone. :) That includes doing cool things other than building reputations by signing keys.

==========================================================================
 + ^ + |  Ray Arachelian |FH| KAOS KERAUNOS KYBERNETOS            |==/|\==
  \|/  |sunder@dorsai.org|UE|__Nothing_is_true,_all_is_permitted!_|=/\|/\=
<--+-->| --------------- |CC|What part of 'Congress shall make no |=\/|\/=
  /|\  |    Just Say     |KD|law abridging the freedom of speech' |==\|/==
 + v + | "No" to the NSA!|TA|        do you not understand?       |=======
===================http://www.dorsai.org/~sunder/=========================
Obscenity laws are the crutches of inarticulate motherfuckers-Fuck the CDA