Re: Revocation, Trust, Policy Models, etc.
The question is: is there a "majority vote" mode on the keyservers that causes them to remove a key if enough people claim it is no longer valid?
No - it's too easy to attack. (It's also outside the scope of what the keyservers do - they're convenient ways to collect the data for the Web of Trust, but they're not trusted themselves.) Even if you wanted "A majority vote of people who've signed a given key" to revoke the key, that's easy to attack - you and your tentacles can all sign the victim's key, send the signatures to the keyservers, and now that you're the majority, you can all send in notes saying "please revoke victim@antinuke.org's key - he's an FBI plant".

I'm not really satisfied with Matt's description of revocation that requires it to be done by a key's signers, not owner, though there are workarounds for most of the problems, though I agree that PGP's framework is deficient (not inadequate - it's still Pretty Good - but way underpowered.) One problem is that usually _you_ are the one who knows your key needs revoking (either you forgot the passphrase, or you know the computer it was on has been compromised, or whatever.) Under PolicyMaker, I guess the best way to implement this is to always sign your own key (since signers are the ones who revoke keys), and establish policies requiring unrevoked self-signatures. It may be difficult to implement Certificate Revocation Lists in a way that works well for your own keys, though, depending on why you want to revoke them.

#--
# Thanks; Bill
# Bill Stewart, stewarts@ix.netcom.com, Pager/Voicemail 1-408-787-1281
#
# "The price of liberty is eternal vigilance" used to mean us watching
# the government, not the other way around....
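A toy model of the two policies contrasted in the message above, added here as an illustration; it is not part of the original post and is not PGP, keyserver, or PolicyMaker code. The record layout, function names, and key ids are all hypothetical, and signatures are modelled as plain set membership rather than verified cryptographically.

```python
from dataclasses import dataclass, field

@dataclass
class KeyRecord:
    """Constructed stand-in for what a keyserver stores about one key."""
    owner: str
    signers: set = field(default_factory=set)       # ids that signed this key
    revoked_by: set = field(default_factory=set)    # ids that withdrew their signature

def majority_vote_revoked(rec: KeyRecord) -> bool:
    """Policy A: the key is dropped once most of its signers say so.
    Only votes from actual signers are counted."""
    votes = rec.revoked_by & rec.signers
    return len(votes) * 2 > len(rec.signers)

def self_sig_valid(rec: KeyRecord) -> bool:
    """Policy B: the key is acceptable only while it carries an
    unrevoked signature made by its own owner."""
    return rec.owner in rec.signers and rec.owner not in rec.revoked_by

def scenario():
    # Constructed sample: the owner plus two genuine signers.
    rec = KeyRecord("victim", {"victim", "alice", "bob"})

    # Anyone can upload signatures, so the signer set is not a trusted
    # electorate: four unknown ids sign, then all "vote" to revoke.
    strangers = {f"stranger{i}" for i in range(4)}
    rec.signers |= strangers
    rec.revoked_by |= strangers

    dropped_by_vote = majority_vote_revoked(rec)   # 4 of 7 signers
    still_valid = self_sig_valid(rec)              # owner has not revoked

    # Only the owner's own revocation changes the outcome under policy B.
    # Assumption: the owner can still use the key to issue it, which is
    # not the case after a forgotten passphrase.
    rec.revoked_by.add("victim")
    valid_after_owner_revokes = self_sig_valid(rec)
    return dropped_by_vote, still_valid, valid_after_owner_revokes

if __name__ == "__main__":
    print(scenario())
```
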