Re: Revoking Old Lost Keys
On 5 Jan 96, Bruce Baugh wrote:

> I'd like to bring up a problem I haven't seen addressed much yet, and which I think is going to come up with increasing frequency as PGP use spreads.
>
> The problem is this: how can one spread the word that an old key is no longer to be used when one no longer has the pass phrase, and cannot therefore create a revocation certificate?

It's an administrative nightmare. I assume that you mean if the key is widely distributed. If it's only circulating among a small group of people that know each other, no problem. If it's widely distributed, or on a keyserver, that becomes hard. First you would have to be authenticated as the original key owner, i.e. how do I really know that you are you, and not somebody saying you are the original key owner?

Another problem: let's say I get your public key from Bob, who signed your key, and Bob knows you have revoked your key, but I don't, so what happens to my copy of your key? Since there is no revocation certificate, I am forced to take Bob's word that you indeed want to revoke your key, but have no way of verifying that without talking to you, and again I have to go through the same verification process that Bob did.

Good topic.

Regards,
Michael Peponis
PGP Key Available from MIT Key Server
Key fingerprint = DD 39 66 3D AE DE 71 C2 B6 DA B2 3F 47 2A EB AC