'sensitive' designated revoker -- are the keyservers still aware?

snowcrash+gnupg-users schneecrash+gnupg-users at gmail.com
Thu Feb 1 21:12:14 CET 2007

> When exporting a key that has a sensitive designated
> revoker set, the key is exported, but the designated revoker
> information is not included.  Anyone looking at the key from the
> outside cannot tell the difference between this state, and no
> designated revoker set at all.  However, if the designated revoker has
> in fact revoked the key, then the designated revoker information IS
> included, along with the revocation.
> The idea behind this is that the relationship between the designated
> revoker and the key owner is sensitive, and so we must not reveal the
> identity designated revoker until we absolutely must (i.e. when they
> actually revoke the key).

that, actually, is what i was hoping to hear/learn. :-)

thanks for the clarification!

More information about the Gnupg-users mailing list