I've looked in the docs for the answer but it is successful in evading me.

My question: I have changed my ID string from my name to my name "-1024" and "-512" to differentiate between the different keys I have. Of course, using the -ke to do this has added a "Also known as" to my key. Since my name is the same in both and the mentioned keysizes are all that have changed I'd like to remove the AKA. Can I do this? If so how?

Thanks, Jim

--
Tantalus Inc.        Jim Sewell          Amateur Radio: KD4CKQ
P.O. Box 2310        Programmer          Internet: jims@mpgn.com
Key West, FL 33045   C-Unix-PC           Compu$erve: 71061,1027
(305)293-8100        PGP via email on request.
1K-bit Fingerprint: 8E 14 68 90 37 87 EF B3 C4 CF CD 9A 3E F9 4A 73
Tuesday April 26 1994 22:46, "Jim Sewell":

"S> From: "Jim Sewell" <jims@Central.KeyWest.MPGN.COM>
"S> Message-Id: <9404262046.AA00927@Central.KeyWest.MPGN.COM>
"S> Date: Tue, 26 Apr 1994 16:46:37 -0400 (EDT)

[edited]

"S> as" to my key. Since my name is the same in both and the
"S> mentioned keysizes are all that have changed I'd like to remove
"S> the AKA. Can I do this? If so how?

That's a big problem with PGP, so before you go experimenting first backup your key. When I tried editing an aka on mine (my email address had changed) I lost other people's signatures on my key. :-(

CU, Sico (sico@aps.hacktic.nl).

[PGP public key:]
bits/keyID    Date       User ID
1024/5142B9   1992/09/09 Sico Bruins <Fido: 2:280/404>
              Key fingerprint = 16 9A E1 12 37 6D FB 09 F6 AD 55 C6 BB 25 AC 25
                         (InterNet: sico@aps.hacktic.nl)
> That's a big problem with PGP, so before you go experimenting first backup your key. When I tried editing an aka on mine (my email address had changed) I lost other people's signatures on my key. :-(
This makes sense.. A signature is a binding between a key and a userID. If you remove that userID, then clearly the signatures binding that userID to the key should be removed as well, since otherwise they are binding nothing.

What should be available (although it is not implemented) is a userID revocation, where you can basically send out a message that will remove userIDs from a key. Then again, signature revocations should be implemented as well...

Hope this helps.

-derek

Derek Atkins, SB '93 MIT EE, G MIT Media Laboratory
Member, MIT Student Information Processing Board (SIPB)
Home page: http://www.mit.edu:8001/people/warlord/home_page.html
warlord@MIT.EDU    PP-ASEL    N1NWH    PGP key available
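Added example, not part of the original thread: a sketch of why editing a user ID loses other people's signatures, since each certification covers the key material together with the user ID string. It uses textbook RSA with constructed keys and names (`certify`, `verify`, `edit_user_id` are hypothetical helpers), not PGP's actual packet format.

```python
import hashlib

# Toy textbook RSA key for the certifier (constructed; no padding, demo only).
P, Q, E = 2**521 - 1, 2**607 - 1, 65537      # two Mersenne primes
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))            # private exponent (Python 3.8+)

def digest(subject_key: bytes, user_id: str) -> int:
    """Hash the key material AND the user ID: this pair is what gets signed."""
    h = hashlib.sha256()
    h.update(len(subject_key).to_bytes(4, "big") + subject_key)
    h.update(user_id.encode())
    return int.from_bytes(h.digest(), "big")

def certify(subject_key: bytes, user_id: str) -> int:
    """Certifier's signature binding subject_key to user_id."""
    return pow(digest(subject_key, user_id), D, N)

def verify(subject_key: bytes, user_id: str, sig: int) -> bool:
    return pow(sig, E, N) == digest(subject_key, user_id)

def edit_user_id(key: dict, old: str, new: str) -> dict:
    """Rename a user ID, keeping only certifications that still verify."""
    certs = key["uids"].pop(old)
    key["uids"][new] = [s for s in certs if verify(key["material"], new, s)]
    return key

def demo():
    # Constructed sample key and user IDs.
    key = {"material": b"constructed-public-key-bytes", "uids": {}}
    old = "Alice Example <alice@old.example>"
    new = "Alice Example <alice@new.example>"
    key["uids"][old] = [certify(key["material"], old)]
    valid_before = verify(key["material"], old, key["uids"][old][0])
    edit_user_id(key, old, new)
    # The old certification binds a user ID that no longer exists on the key.
    return valid_before, len(key["uids"][new])

if __name__ == "__main__":
    print(demo())
```

The key material never changes in this sketch; only the signed string does, which is enough to orphan every certification made over the old user ID.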
Derek Atkins wrote:
> What should be available (although it is not implemented) is a userID revocation, where you can basically send out a message that will remove userIDs from a key. Then again, signature revocations should be implemented as well...
Sorry Derek, you lost me on this one. Why should there be signature revocations? When you sign a key, all you are vouching for is the integrity of the key, and not the integrity of the key issuer. At least that was my understanding.

When would a signature revocation be necessary? The only time I can think of a use for this, is if someone has signed a key indiscriminately, in which case you shouldn't be trusting the validity of any of the signatory's signatures, since their signatures are untrustworthy.

If I'm erring in some way, could someone please clarify?
> Sorry Derek, you lost me on this one. Why should there be signature revocations? When you sign a key, all you are vouching
There are a number of real reasons. Maybe you got coerced into signing the key, or you think that maybe the key was signed incorrectly, or maybe that person no longer uses that email address, because they lost the account, or that maybe you don't believe that the binding of key to userID is valid for any number of reasons.

That is why signature revocations should exist. Comments?

-derek

Derek Atkins, SB '93 MIT EE, G MIT Media Laboratory
Member, MIT Student Information Processing Board (SIPB)
Home page: http://www.mit.edu:8001/people/warlord/home_page.html
warlord@MIT.EDU    PP-ASEL    N1NWH    PGP key available
Derek Atkins wrote:
> There are a number of real reasons. Maybe you got coerced into signing the key, or you think that maybe the key was signed incorrectly, or maybe that person no longer uses that email address, because they lost the account, or that maybe you don't believe that the binding of key to userID is valid for any number of reasons.
Uhh, right. But all a person has to do is issue a key revocation certificate. Now if someone CAN'T issue a signed certificate, then that is a problem. And a good problem to have. Otherwise how would we know that a revocation is valid?

Then again just create a new key and get the key signed. You can carry a key with you from email address to email address. You can edit your own user id, with I believe pgp -ke.

If you do have to get a "brand new key" cut, you can get your key signed by someone over the phone (that is, if you trust the phone :-). But if no one trusts you over the phone, you're SOL, unless of course you had someone sign your keys and not just your key, in which case there really isn't a big problem. A gram of prevention is worth a whole hell of a lot.

Did you say you were at MIT?
> Uhh, right. But all a person has to do is issue a key revocation certificate. Now if someone CAN'T issue a signed certificate, then that is a problem.
The point is that someone shouldn't NEED to revoke their key if all they are doing is changing their email address. What if the binding of the userID is a result of a position that you hold... For example, I am the owner of a company and I sign people's identifiers, saying that they are employees of mine, and possibly what their position is. Now say I fire someone, I want to be able to revoke my signature since the binding is no longer valid! But I shouldn't need to force them to generate a new key.
> Did you say you were at MIT?
This is a joke, right?

-derek

Derek Atkins, SB '93 MIT EE, G MIT Media Laboratory
Member, MIT Student Information Processing Board (SIPB)
Home page: http://www.mit.edu:8001/people/warlord/home_page.html
warlord@MIT.EDU    PP-ASEL    N1NWH    PGP key available
Friday April 29 1994 01:52, Derek Atkins wrote:

DA> From: Derek Atkins <warlord@MIT.EDU>
DA> Subject: Re: PGP Question:
DA> Message-Id: <9404282352.AA07123@toxicwaste.media.mit.edu>
DA> Date: Thu, 28 Apr 94 19:52:01 EDT

[edited]

DA> The point is that someone shouldn't NEED to revoke their key if all
DA> they are doing is changing their email address.

Right, that's the point indeed.

DA> What if the binding of the userID is a result of a position that you
DA> hold... For example, I am the owner of a company and I sign people's
DA> identifiers, saying that they are employees of mine, and possibly what
DA> their position is. Now say I fire someone, I want to be able to
DA> revoke my signature since the binding is no longer valid! But I
DA> shouldn't need to force them to generate a new key.

But here I disagree. Should one wish to use PGP to assert something *other* than that a certain PGP public key really belongs to someone, then write a message and sign *that*. I'm not sure if I really understand you here, your phrasing ("people's identifiers") is a bit unclear.

CU, Sico (sico@aps.hacktic.nl).

[PGP public key:]
bits/keyID    Date       User ID
1024/5142B9   1992/09/09 Sico Bruins <Fido: 2:280/404>
              Key fingerprint = 16 9A E1 12 37 6D FB 09 F6 AD 55 C6 BB 25 AC 25
                         (InterNet: sico@aps.hacktic.nl)
Participants (4): Derek Atkins, Istvan Oszaraz von Keszi, Jim Sewell, sico@aps.hacktic.nl