[7769] in cryptography@c2.net mail archive
Re: reflecting on PGP, keyservers, and the Web of Trust
daemon@ATHENA.MIT.EDU (Ray Dillinger)
Wed Sep 6 10:52:25 2000
Date: Wed, 6 Sep 2000 07:09:01 -0700 (PDT)
From: Ray Dillinger <bear@sonic.net>
To: Ted Lemon <mellon@nominum.com>
Cc: cryptography@c2.net
In-Reply-To: <200009060538.e865cgC01644@grosse.bisbee.fugue.com>
Message-ID: <Pine.LNX.4.21.0009060705250.2500-100000@bolt.sonic.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII

On Tue, 5 Sep 2000, Ted Lemon wrote:
>
>If you sign the revocation certificate in the compromised key, then
>the only way it can get revoked is if the owner of the key revokes it
>or it's been compromised...
>
> _MelloN_

This is true, and that's a *sufficient* condition for a revocation.
I don't know about you though, but my keyring exists in only two
copies -- the Red Diskette and the Blue Diskette. If someone
manages to grab both Diskettes, I won't be able to use the key
to issue a revocation certificate. So I would prefer to work with
a CA where it is not a *necessary* condition for a revocation.

Bear