At 9:47 AM 1/6/96, Frank O'Dwyer wrote:

On Saturday, January 06, 1996 09:18, Timothy C. May[SMTP:tcmay@got.net] wrote:

...

Basically, you are screwed. Any revocation you attempt will not be trusted, as we will suspect the new "you" to be an attacker, perhaps an agent of the NSA or the Illuminati. In the view that "you are your key," the old you no longer exists.

This is true, but the "old you" can be resurrected if you can get enough people to believe your new key using any out-of-band means available to you. You can also put a comment in your new key's uid explaining the

Could you explain how "enough people" can get around a basic feature/limitation of the current PGP web of trust? Who, besides the originator, can revoke an old key? How many does it take? If a bunch of the "alleged" friends of Bruce could do this, could they not revoke the key of someone they simply wish to hassle? I agree that a new key can be generated, and a new "Please use this key, not the other one" message sent, and this may work, but I don't believe this revokes the old key and removes it from the keyservers. I could be wrong, as I am certainly no expert on the keyservers. The question is: is there a "majority vote" mode on the keyservers that causes them to remove a key if enough people claim it is no longer valid? --Tim May We got computers, we're tapping phone lines, we know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay@got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^756839 - 1 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway."