-----BEGIN PGP SIGNED MESSAGE----- At 03:10 AM 1/6/96 +0000, Michael C. Peponis wrote:

On 5 Jan 96 , Bruce Baugh wrote:

Another problem, let's say I get your public key from Bob, who signed your key, and Bob knows you have revoked your key, but I don't, so what happens to my copy of your key?

Since there is no revokation certificate, I am forced to take Bob's word that you have indeed want to revoke your key, but have no way of verifying that without talking to you, and agin I have to go through the same verification process that Bob did.

I know Bruce and his problem is quite real. I happened to have the three keys that he is wanting to revoke in my keyring. (And one of them he had forgotten he had made at all.) It would be nice if there was a way to use the "web of trust" to certify a key revokation in the same way that one signs a key. Basically get a couple of your friends who are accepted in the crypto community and have them vouch for the actual loss of the key(s). It would certainly help patch the problem. (It might open up things for spoofing anyways. There would have to be a way of overriding such a thing with the real key, but that would require the passphrase. (Which should be available if not lost.)) An idea at least... -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQEVAwUBMO495OQCP3v30CeZAQHObQf/VtMoPzpBqx9wU2rsrHkMc5K4LF2PbZdj QboPyoR0c56zIGPiDDoRed4aiy8ylBlPjEGdSeLjoVysbY+yfWz1GDzsrmsdNw9G tAE7DxX88kk9ym4ixy+3CIsFqKrHn1CBh64DAsoJzXRLgwEhPENLmqf0VXgRkYnI Dd7UE3fF15sMEEVdGYXBqEy7r3e83R9dW7ap/z8wy/sM5U8pzo0SwRrqEFVNe2/g 8rYDF8uFgDjbCrU60UVqFq3ipRbGDBGMI9xSLqpSkBHuSOk0si3sNqvSM09WuWFE LjkrVWPvZNaw1DbuQT7v2FTXNrNnfBsVH9MicM2fednOV0Fe7ZIoZg== =sT8b -----END PGP SIGNATURE----- Alan Olsen -- alano@teleport.com -- Contract Web Design & Instruction `finger -l alano@teleport.com` for PGP 2.6.2 key http://www.teleport.com/~alano/ "Governments are potholes on the Information Superhighway." - Not TCMay