HOWTO Revoke a key without having any backup of the key pair
Wed Feb 13 21:31:02 2002
Interesting point. However, I think it points to the way out using existing
tools rather than anything new. Each signer can still revoke their
signature as long as they can be convinced that the original party is this
same person now asking for this favor. They should have records showing
proof of identity for the original party (photo ID at least) that can be
used to verify the identity of the person who lost their secret key. At a
minimum they should revoke their signature if they have any doubt about the
other person's key being compromised. You would end up with a key that
shows revoked signatures.
From: Chris Niekel [mailto:firstname.lastname@example.org]
Sent: Wednesday, February 13, 2002 11:11 AM
> > Unfortunately, I haven't done such a revocation certificate :(
> > Someone somewhere must exist to give me some help on this :)
> If you don't have a revocation certificate, there is no way to mark
> your key as invalid. And the administrators of the keyservers will not
> remove your key. Why? Because there is no way to verify you as the
> valid owner of the key. They won't remove the key. (Not mentioning
I'm glad I made a revocation key. But the point that there's no way to
know it's you could be partially wrong.
If I have my key signed by another person, he knows the key is owned by
me. So he should be able to vouch that I own the key. Of course, you
can't trust the signer to be speaking for the real person (he/she could
be speaking for you without you knowing), but maybe something that works
could be devised?