desig-revoke

David Shaw dshaw@jabberwocky.com
Wed Sep 3 20:16:02 2003


On Wed, Sep 03, 2003 at 06:47:30PM +0100, Neil Williams wrote:
> --desig-revoke
>                  Generate a designated revocation certificate for a
>                  key.  This allows a user (with the permission of
>                  the keyholder) to revoke someone else's key.
> 
> Is this a possible solution for revoking old keys that are simply
> out of use, including those where the secret key has been lost?

Yes.  That is one of the intended uses of designated revocations.

> How does the keyholder authorise this remote revocation?

They must authorize it ahead of time - essentially this is a special
signature added by the keyholder which authorizes a particular key to
issue revocations.  Note that the keyholder needs their secret key to
issue the authorization, so designated revocation doesn't magically
fix the problem of a lost secret key.

> If the secret key is still required, it can only be exported from a
> working GnuPG installation, so why the need for the remote option?

This lets someone revoke someone else's key, in effect (though with the
permission of the keyholder).  This is useful for companies with many
employee keys - rather than escrowing a revocation certificate for
thousands of employees, they can just be a designated revoker for
those keys.  Another example would be to appoint a trusted friend as
your designated revoker.  If something happens to you, they can then
revoke your key (which, presumably, you would be in no shape to do).

David
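The flow David describes, run end to end against GnuPG 2.x in a throwaway
keyring, as an added example that is not part of the original thread and
not GnuPG's own code: Alice appoints Bob as her designated revoker (the one
step that needs her secret key), her secret key is then deleted to play the
lost-key case, and Bob revokes her key with nothing but his own secret key.
It assumes gpg and gpgconf on PATH and the prompt order of current GnuPG
2.x; the names, addresses and temporary keyring are made up. One caveat the
thread does not mention: what --desig-revoke writes is a bare 0x20
signature whose only key reference is its issuer (Bob), so the example
splices it into an export of Alice's key directly behind her public-key
packet before importing; appended after a user ID, gpg drops it on import
as a revocation certificate at the wrong place.

```python
"""Added example (not from the thread or from GnuPG): David's designated-
revoker flow, end to end, with GnuPG 2.x in a throwaway keyring.  Needs gpg
and gpgconf on PATH; names, addresses and the keyring are made up."""
import base64
import shutil
import subprocess
import tempfile

def gpg(home, *args, stdin=None, tool="gpg", check=True):
    """Run gpg (or gpgconf) against the demo keyring; return stdout bytes."""
    return subprocess.run([tool, "--homedir", home, *args], input=stdin,
                          capture_output=True, check=check, timeout=300).stdout

def colon_field(home, selector, record, index):
    """One field of the first RECORD line of a --with-colons key listing."""
    for line in gpg(home, "--batch", "--with-colons", "--list-keys",
                    selector).decode().splitlines():
        fields = line.split(":")
        if fields[0] == record:
            return fields[index]
    raise LookupError(selector)

def gen_key(home, name, email):
    """Unattended, unprotected RSA key (demo only); returns its fingerprint."""
    params = (f"%no-protection\nKey-Type: RSA\nKey-Length: 2048\nName-Real: "
              f"{name}\nName-Email: {email}\nExpire-Date: 0\n%commit\n")
    gpg(home, "--batch", "--quiet", "--gen-key", stdin=params.encode())
    return colon_field(home, email, "fpr", 9)

def appoint_revoker(home, holder, revoker):
    """The authorization David describes: Alice adds a direct-key (0x1F)
    self-signature carrying Bob's fingerprint as Revocation Key.  The prompt
    answers (command, revoker, confirm, save) go in via --command-fd."""
    gpg(home, "--no-tty", "--command-fd", "0", "--edit-key", holder,
        stdin=f"addrevoker\n{revoker}\ny\nsave\n".encode())

def desig_revoke(home, holder):
    """Bob makes the 0x20 key-revocation signature over Alice's key with his
    own secret key.  Prompts: confirm, reason 3 (no longer used), one
    description line, an empty line, final confirm.  Returns armored cert."""
    answers = b"y\n3\nholder lost the secret key; revoked by designee\n\ny\n"
    return gpg(home, "--no-tty", "--command-fd", "0", "--desig-revoke",
               holder, stdin=answers)

def dearmor(armored):
    """Decode the base64 body of an ASCII-armored block; skip the '=CRC' line."""
    body, in_body = [], False
    for line in armored.decode().splitlines():
        if not in_body:
            in_body = line.strip() == ""      # blank line ends the headers
        elif line.startswith("=") or line.startswith("-----END"):
            break
        else:
            body.append(line)
    return base64.b64decode("".join(body))

def packet_len(buf):
    """Header + body length of the OpenPGP packet at buf[0], old- or new-format
    header (RFC 4880 4.2).  Partial/indeterminate lengths never occur in key
    material and are rejected."""
    ctb = buf[0]
    if not ctb & 0x80:
        raise ValueError("not an OpenPGP packet")
    if ctb & 0x40:                           # new format
        b0 = buf[1]
        if b0 < 192:
            return 2 + b0
        if b0 < 224:
            return 3 + ((b0 - 192) << 8) + buf[2] + 192
        if b0 == 255:
            return 6 + int.from_bytes(buf[2:6], "big")
        raise ValueError("partial body length")
    if (ctb & 3) == 3:                       # old format, length type 3
        raise ValueError("indeterminate length")
    n = 1 << (ctb & 3)                       # 1, 2 or 4 length octets
    return 1 + n + int.from_bytes(buf[1:1 + n], "big")

def splice_revocation(keyblock, revsig):
    """Put the revocation signature directly behind the public-key packet: the
    certificate names only its issuer (Bob), so alone it does not say which
    key it revokes, and a key revocation placed after a user ID is dropped on
    import as being at the wrong place."""
    n = packet_len(keyblock)
    return keyblock[:n] + revsig + keyblock[n:]

def designated_revoke_demo():
    """Run the whole flow; returns 'revoked', 'not-revoked' or 'skipped'."""
    if not (shutil.which("gpg") and shutil.which("gpgconf")):
        return "skipped"
    home = tempfile.mkdtemp()                # private 0700 directory
    try:
        alice = gen_key(home, "Alice Holder", "alice@example.invalid")
        bob = gen_key(home, "Bob Revoker", "bob@example.invalid")
        appoint_revoker(home, alice, bob)    # needs Alice's secret key
        gpg(home, "--batch", "--yes", "--delete-secret-keys", alice)  # lost key
        before = colon_field(home, alice, "pub", 1)     # validity column
        cert = dearmor(desig_revoke(home, alice))       # Bob's key only
        block = splice_revocation(gpg(home, "--batch", "--export", alice), cert)
        gpg(home, "--batch", "--import", stdin=block)
        after = colon_field(home, alice, "pub", 1)      # 'r' once revoked
        return "revoked" if before != "r" and after == "r" else "not-revoked"
    finally:
        gpg(home, "--kill", "gpg-agent", tool="gpgconf", check=False)
        shutil.rmtree(home, ignore_errors=True)
```

Call designated_revoke_demo() to run it; it returns "revoked" when Alice's
key lists with validity "r" only after Bob's certificate is applied, and
"skipped" on a machine without GnuPG. As with a self-made revocation, the
revoked key still has to be redistributed afterwards (keyserver, or to
Alice's correspondents) before anyone else sees the revocation.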