Certs by a revoked key
Mon Feb 24 20:55:01 2003
> There is when there is no reliable way to tell the difference
> between "retired" and "compromised", or more specifically
> "compromised after retirement".

I take it this is because multiple revocation certs are not
supported. Is this the case? Or, is this based on an assumption that
after a key is retired, it could be compromised and the legitimate
owner wouldn't notice?

In either case, this might be an issue to take up on the IETF-OpenPGP
mailing list. If there are significant flaws with handling
revocations the way the RFC lists, then it should be updated.