Revoking Old Lost Keys
Michael C. Peponis
mianigand at unique.outlook.net
Sat Jan 6 06:40:55 PST 1996
-----BEGIN PGP SIGNED MESSAGE-----
On 5 Jan 96 , Bruce Baugh wrote:
> I'd like to bring up a problem I haven't seen addressed much yet, and which
> I think is going to come up with increasing frequency as PGP use spreads.
>
> The problem is this: how can one spread the word that an old key is no
> longer to be used when one no longer has the pass phrase, and cannot
> therefore create a revocation certificate?
It's an administrative nightmare. I assume that you mean if the key
is widley distributed. If it's only circulating among a small group
of people that know each other, no problem.
If it's widley distributed, or on a keyserver, that becomes hard.
First you would have to be authenticated as the origional key owner,
ie how do I realy know that you are you, and not somebody saying you
are the orgional key owner?
Another problem, let's say I get your public key from Bob, who signed
your key, and Bob knows you have revoked your key, but I don't, so
what happens to my copy of your key?
Since there is no revokation certificate, I am forced to take Bob's
word that you have indeed want to revoke your key, but have no way of
verifying that without talking to you, and agin I have to go through
the same verification process that Bob did.
Good topic.
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i
iQCVAwUBMO2+BkUffSIjnthhAQFPuQP7BOBJTkqInT4nIAQ7ity4/AutSn9QusFx
FdG6iPQVG11fp2BbGtDeQMSgaFUDxXm99Oim/VINGWDmbMWhcWTAXDPpYrd2+bjH
Q9/SNs+5akQc+bbojqIjDoXas/5LL4VvbrEeSOvklpKg+GrCleJYqN+Mh2aY35ZL
04GLVJJLzSo=
=Xr5x
-----END PGP SIGNATURE-----
Regards,
Michael Peponis
PGP Key Avalible form MIT Key Server
Key fingerprint = DD 39 66 3D AE DE 71 C2 B6 DA B2 3F 47 2A EB AC
More information about the cypherpunks-legacy
mailing list