desig-revoke

David Shaw dshaw@jabberwocky.com
Wed Sep 3 20:59:02 2003


On Wed, Sep 03, 2003 at 07:44:44PM +0100, Neil Williams wrote:
Content-Description: signed data
> On Wednesday 03 Sep 2003 7:17 pm, David Shaw wrote:
> > On Wed, Sep 03, 2003 at 06:47:30PM +0100, Neil Williams wrote:
> > They must authorize it ahead of time - essentially this is a special
> > signature added by the keyholder which authorizes a particular key to
> > issue revocations.  Note that the keyholder needs their secret key to
> > issue the authorization, so designated revocation doesn't magically
> > fix the problem of a lost secret key.
> 
> After reading a private reply to this post, it appears that the main problem 
> is that some keyservers list the key as already revoked just because the 
> desig-revoke certificate is present.
> 
> Ooops. I can't afford for my key to appear revoked ahead of time.

I'm not sure what you mean here.  Can you give me an example?

David