Certs by a revoked key

Richard Laager rlaager@wiktel.com
Mon Feb 24 20:55:01 2003


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> There is when there is no reliable way to tell the difference
> between "retired" and "compromised", or more specifically
> "compromised after retirement".

I take it this is because multiple revocation certs are not
supported. Is this the case? Or, is this based on an assumption that
after a key is retired, it could be compromised and the legitimate
owner wouldn't notice?

In either case, this might be an issue to take up on the IETF-OpenPGP
mailing list. If there are significant flaws with handling
revocations the way the RFC lists, then it should be updated.

Richard Laager

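As an added example (not part of Richard's message or the thread), this is how the "retired" versus "compromised" distinction is actually carried on the wire: a Python parser for the OpenPGP Reason for Revocation signature subpacket (type 29, RFC 4880 section 5.2.3.23), run over constructed sample subpacket data rather than a real revocation certificate.

```python
# Parse the Reason for Revocation subpacket (type 29) of an OpenPGP
# signature subpacket area, as laid out in RFC 4880 section 5.2.3.
import struct

SUBPKT_SIG_CREATION = 2
SUBPKT_REVOCATION_REASON = 29
REASON_CODES = {  # RFC 4880 section 5.2.3.23
    0: "no reason specified",
    1: "key is superseded",
    2: "key material has been compromised",
    3: "key is retired and no longer used",
    32: "user ID information is no longer valid",
}

def parse_subpackets(area: bytes):
    """Yield (type, critical, body) for each subpacket in the area."""
    i = 0
    while i < len(area):
        first = area[i]
        if first < 192:                      # one-octet length
            length, i = first, i + 1
        elif first < 255:                    # two-octet length
            length = ((first - 192) << 8) + area[i + 1] + 192
            i += 2
        else:                                # five-octet length
            length = struct.unpack(">I", area[i + 1:i + 5])[0]
            i += 5
        body = area[i:i + length]           # length counts the type octet
        if length == 0 or len(body) != length:
            raise ValueError("truncated or empty subpacket")
        yield body[0] & 0x7F, bool(body[0] & 0x80), body[1:]
        i += length

def revocation_reason(area: bytes):
    """Return (code, meaning, free text) from a type-29 subpacket, or None."""
    for typ, _critical, body in parse_subpackets(area):
        if typ == SUBPKT_REVOCATION_REASON and body:
            text = body[1:].decode("utf-8", "replace")
            return body[0], REASON_CODES.get(body[0], "unknown reason code"), text
    return None

def encode_subpacket(typ: int, body: bytes) -> bytes:
    """Build one subpacket with a one-octet length (body under 191 octets)."""
    return bytes([len(body) + 1, typ]) + body

# Constructed samples (not real signature data): a 'retired' revocation with
# a note, and a bare 'compromised' one.
SAMPLE_RETIRED = (encode_subpacket(SUBPKT_SIG_CREATION, struct.pack(">I", 1046127301))
                  + encode_subpacket(SUBPKT_REVOCATION_REASON, b"\x03moved to new key"))
SAMPLE_COMPROMISED = encode_subpacket(SUBPKT_REVOCATION_REASON, b"\x02")
```

The reason code is a statement made under the revoked key itself, so a verifier can read "retired" but, as the quoted text points out, has no way to tell it apart from "retired, then compromised" without evidence from outside the signature.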