Jon Callas wrote:
I think the revocation problem is the major problem with *all* architectures.
Not necessarily if you use a non-key-centric approach.
If you develop a system that goes around this, then the key is
not the principal...
I disagree. One of the things that I want to see in PGP is an
"I-used-to-be" certificate. With proper setup of one of those, you have a
(not to stir up the semantic flames again)
I know this is kind of semantic BS, but the above is not a
key-as-principal system (key-centric is another term used to describe
this). I was referring to key-centric systems when I stated that
"you can't solve revocation in a key-as-principal system".
(supporting both 'revoked-key centric' and 'key-centric' means that
you are in actual fact supporting tagged-centric systems which
means that they aren't key-centric, they are tag-centric and that
the tags just happen to refer to keys :-))
I guess this should all be taken with the original message in mind,
which was one in which a poster mentioned something like "wouldn't
it be great if the whole PKI was based on hashing someone's key"...