desig-revoke

Neil Williams linux@codehelp.co.uk
Wed Sep 3 20:42:01 2003


--Boundary-02=_cajV/bIiaG0Hsz5
Content-Type: text/plain;
  charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Content-Description: signed data
Content-Disposition: inline

On Wednesday 03 Sep 2003 7:17 pm, David Shaw wrote:
> On Wed, Sep 03, 2003 at 06:47:30PM +0100, Neil Williams wrote:
> They must authorize it ahead of time - essentially this is a special
> signature added by the keyholder which authorizes a particular key to
> issue revocations.  Note that the keyholder needs their secret key to
> issue the authorization, so designated revocation doesn't magically
> fix the problem of a lost secret key.

After reading a private reply to this post, it appears that the main proble=
m=20
is that some keyservers list the key as already revoked just because the=20
desig-revoke certificate is present.

Ooops. I can't afford for my key to appear revoked ahead of time.

(I looked at one of the hkp servers.)

> your designated revoker.  If something happens to you, they can then
> revoke your key (which, presumably, you would be in no shape to do).
>
> David

:-)

"Reports of my death have been greatly exaggerated."
MT

=2D-=20

Neil Williams
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
http://www.codehelp.co.uk
http://www.dclug.org.uk

http://www.biglumber.com/x/web?qs=3D0x8801094A28BCB3E3

--Boundary-02=_cajV/bIiaG0Hsz5
Content-Type: application/pgp-signature
Content-Description: signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQA/VjaciAEJSii8s+MRAkkuAKCPpGxoV3C/tKCZNvHIkT1DJff6fwCgk0pP
cDdamXY7NduMb2JCZG/3dqE=
=07Km
-----END PGP SIGNATURE-----

--Boundary-02=_cajV/bIiaG0Hsz5--