'sensitive' designated revoker -- are the keyservers still aware?
snowcrash+gnupg-users
schneecrash+gnupg-users at gmail.com
Thu Feb 1 21:12:14 CET 2007
> When exporting a key that has a sensitive designated
> revoker set, the key is exported, but the designated revoker
> information is not included. Anyone looking at the key from the
> outside cannot tell the difference between this state, and no
> designated revoker set at all. However, if the designated revoker has
> in fact revoked the key, then the designated revoker information IS
> included, along with the revocation.
>
> The idea behind this is that the relationship between the designated
> revoker and the key owner is sensitive, and so we must not reveal the
> identity designated revoker until we absolutely must (i.e. when they
> actually revoke the key).
that, actually, is what i was hoping to hear/learn. :-)
thanks for the clarification!
More information about the Gnupg-users
mailing list