On Tue, Sep 14, 1999 at 11:55:39PM +0200, Martin Schulze wrote: > Michael Stone wrote: > > Not really. What if the pgp key is compromised? The original owner can > > release a revocation certificate for the pgp key, but if someone creates > > a new gpg key that you sign based on the (compromised) pgp key then > > you've possibly validated a key that the original owner cannot revoke. > > That would be bad. > > So what do you propose? Not using any digital signing at all? How does that follow at all? Take a breath and calm down. > What if you fake your passport and it's not Mike Stone but Joe > Blair pretending to be you and I sign your key. That would be bad. Yes it would. What does that have to do with the scenario above? Mike Stone
Attachment:
pgp49iwLIRYBr.pgp
Description: PGP signature