PGP Question:
Istvan Oszaraz von Keszi
vkisosza at acs.ucalgary.ca
Thu Apr 28 15:14:52 PDT 1994
Derek Atkins wrote:
> What should be available (although it is not implemented) is a userID
> revocation, where you can basically send out a messages that will
> remove userIDs from a key. Then again, signature revocations should
> be implemented as well...
Sorry Derek, you lost me on this one. Why should there be
signature revocations? When you sign a key, all you are vouching
for is the integrity of the key, and not the integrity of the
key issuer. At least that was my understanding. When would a
signature revocation be necessary? The only time I can think of
a use for this, is if someone has signed a key indiscriminately,
in which case you shouldn't be trusting the validity of any of
the signatory's signatures, since their signatures are
untrustworthy.
If I'm erring in some way, could someone please clairfy?
>
More information about the cypherpunks-legacy
mailing list