
Re: Migrating to GPG - A mini-HOWTO

> > >    Again, no it isn't. How do they know that someone didn't
> > >    steal your pgp key?
> > > 
> > > How is this different from the question ``How does dinstall (or other
> > > person/program) know someone hasn't stolen [developer]'s PGP key?''
> > 
> > Because I can issue a key revocation if a key that I own is compromised.
> Why can you issue this revocation to the keyring for dinstall but not
> for the people who have signed your key?

But what if the person who *stole* my PGP key sent around the new
OpenPGP key for signature?  I can't revoke it, as I don't have the
secret key, and there is now a key going around which looks like it's
mine and there's nothing I can do about it.



  Julian Gilbey, Dept of Maths, QMW, Univ. of London. J.D.Gilbey@qmw.ac.uk
        Debian GNU/Linux Developer,  see http://www.debian.org/~jdg
