From: IN%"sunder@dorsai.dorsai.org" "Ray Arachelian" 10-MAY-1996 16:37:22.44

But it is - it's a pain in the ass, but you can always revoke your own key and generate a new one, then sign everyone's keys whom you've signed as trusted, EXCEPT the one you wish to revoke.

Well... that has the problem that all the signatures on your old key won't transfer, so far as I know. Now, this may have the good effect of decreasing the effective reputation of anyone who goofs and needs to revoke a signature (and of causing people to check more carefully when first signing)... but it's also a motivation not to check carefully _after_ the first time (you might need to revoke it). This balance is also present about other reasons to revoke a key - on the one hand, someone who frequently revokes keys may not be keeping up with them very well, and thus should not be trusted. On the other hand, it may be someone who changes them on a regular basis for security (a reason to keep a master key to sign your key with & vice-versa, then get signatures on it) or someone who is keeping a sharp eye out for violations and will revoke a key whenever they suspect a problem. -Allen