Uhh, right. But all a person has to do is issue a key revocation certificate. Now if someone CAN'T issue a signed certificate, then that is a problem.
The point is that someone shouldn't NEED to revoke their key if all they are doing is changing their email address. What if the binding of the userID is a result of a position that you hold... For example, I am the owner of a company and I sign people's identifiers, saying that they are employees of mine, and possibly what their position is. Now say I fire someone, I want to be able to revoke my signature since the binding is no longer valid! But I shouldn't need to force them to generate a new key.
Did you say you were at MIT?
This is a joke, right? -derek Derek Atkins, SB '93 MIT EE, G MIT Media Laboratory Member, MIT Student Information Processing Board (SIPB) Home page: http://www.mit.edu:8001/people/warlord/home_page.html warlord@MIT.EDU PP-ASEL N1NWH PGP key available