Instead of multiple users sharing a key, what if they just shared the passphrase, and the signature were done with a passphrase string-to-key as in conventional encryption, rather than with an actual key?
The passphrase could be changed regularly and put up as a webpage or post that was simultaneously encrypted to different users' public keys.
This way, there would be no revocation issues, as a revoked key could still be used for decryption, and so, some form of repudiable signatures could be achieved.
vedaal
_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp
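
A sketch of the idea in the message above, added here as an example and not part of the original post or of any OpenPGP implementation. It derives a key from the shared passphrase with the iterated and salted S2K of RFC 4880 section 3.7.1.3 and, as an assumption (the post names no construction), uses HMAC-SHA256 under that key as the "signature"; the function names, salt, count and passphrases are constructed.

```python
import hashlib
import hmac

def s2k_iterated_salted(passphrase, salt, coded_count, key_len=32):
    """Iterated and salted S2K (RFC 4880, section 3.7.1.3) using SHA-256."""
    if len(salt) != 8 or not 0 <= coded_count <= 255 or not 0 < key_len <= 32:
        raise ValueError("bad S2K parameters")
    count = (16 + (coded_count & 15)) << ((coded_count >> 4) + 6)
    block = salt + passphrase
    count = max(count, len(block))  # salt+passphrase is always hashed in full at least once
    full, rest = divmod(count, len(block))
    h = hashlib.sha256()
    for _ in range(full):
        h.update(block)
    h.update(block[:rest])
    return h.digest()[:key_len]

def group_tag(passphrase, salt, coded_count, message):
    """Assumed 'passphrase signature': HMAC-SHA256 under the S2K-derived key."""
    key = s2k_iterated_salted(passphrase, salt, coded_count)
    return hmac.new(key, message, hashlib.sha256).digest()

def verify(passphrase, salt, coded_count, message, tag):
    return hmac.compare_digest(group_tag(passphrase, salt, coded_count, message), tag)

def demo():
    # All values below are constructed for illustration.
    salt, coded = bytes(range(8)), 96          # coded count 96 -> 65536 octets hashed
    current, rotated = b"group passphrase #1", b"group passphrase #2"
    msg = b"meeting moved to Thursday"
    tag_from_alice = group_tag(current, salt, coded, msg)
    return {
        # Any holder of the passphrase can check the tag...
        "bob_verifies": verify(current, salt, coded, msg, tag_from_alice),
        # ...and can produce the identical tag, so it does not identify Alice.
        "bob_can_reproduce": group_tag(current, salt, coded, msg) == tag_from_alice,
        # Without the passphrase the check fails.
        "outsider_verifies": verify(b"wrong guess", salt, coded, msg, tag_from_alice),
        # After rotation, the new passphrase does not validate old tags.
        "new_passphrase_verifies_old": verify(rotated, salt, coded, msg, tag_from_alice),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Because every passphrase holder derives the same key, a valid tag shows only that some member of the group produced it, which is the repudiability the message describes.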