'sensitive' designated revoker -- are the keyservers still aware?

vedaal at hush.com vedaal at hush.com
Thu Feb 1 21:21:02 CET 2007

David Shaw dshaw at jabberwocky.com wrote on
Thu Feb 1 21:04:27 CET 2007

>The idea behind this is that the relationship 
>between the designated revoker and the key owner is sensitive, 
>and so we must not reveal the identity of the designated revoker 
>until we absolutely must 
>(i.e. when they actually revoke the key).

why must the identity be revealed at all,
if the key-owner who designated the revoker doesn't want it to be?

it doesn't add to the security to know who revoked it,
(whoever it was, it was someone the 'key-owner' decided it should be)
it only compromises the revoker and/or key owner, as the revoker
may become a target to revoke the original key-owner's replacement 

not a big deal,
just curious as to why it was done this way

there is a very simple workaround for anyone uncomfortable with it:

the designated revoker doesn't have to be a 'person',
it just has to be another 'key'
which can have a fictitious name, 
and given to the person who is trusted to do the revoking when 



More information about the Gnupg-users mailing list
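
An added example, not part of the original post and not GnuPG's own code: the 'sensitive' marking discussed in this message is one bit in the OpenPGP Revocation Key signature subpacket (type 12, RFC 4880 section 5.2.3.15). The sketch decodes that subpacket body and applies the disclosure rule from the quoted text; the function names and the sample bytes are constructed for illustration, and a v4 (20-octet) fingerprint is assumed.

```python
from dataclasses import dataclass

REVOCATION_KEY_SUBPACKET = 12  # subpacket type, RFC 4880 section 5.2.3.15
CLASS_REQUIRED = 0x80          # must be set in the class octet
CLASS_SENSITIVE = 0x40         # "revocation information is sensitive"


@dataclass(frozen=True)
class DesignatedRevoker:
    sensitive: bool
    pubkey_algo: int
    fingerprint: str  # upper-case hex of the revoker key's fingerprint


def parse_revocation_key(body: bytes) -> DesignatedRevoker:
    """Decode a subpacket body: class octet, algorithm octet, 20-octet fingerprint."""
    if len(body) != 22:
        raise ValueError("revocation key subpacket body must be 22 octets")
    klass, algo = body[0], body[1]
    if not klass & CLASS_REQUIRED:
        raise ValueError("class octet lacks the mandatory 0x80 bit")
    return DesignatedRevoker(
        sensitive=bool(klass & CLASS_SENSITIVE),
        pubkey_algo=algo,
        fingerprint=body[2:].hex().upper(),
    )


def may_disclose(revoker: DesignatedRevoker, revocations_issued_by: set) -> bool:
    """Rule from the quoted text: a sensitive revoker stays hidden until
    that revoker has actually issued a revocation for the key."""
    if not revoker.sensitive:
        return True
    return revoker.fingerprint in revocations_issued_by


# Constructed sample bodies: class 0xC0 (sensitive) and 0x80 (not sensitive),
# algorithm 17 (DSA), and a made-up fingerprint 00 01 02 ... 13.
SAMPLE_FPR = bytes(range(20))
SENSITIVE_BODY = bytes([0xC0, 17]) + SAMPLE_FPR
PLAIN_BODY = bytes([0x80, 17]) + SAMPLE_FPR

if __name__ == "__main__":
    for body in (SENSITIVE_BODY, PLAIN_BODY):
        r = parse_revocation_key(body)
        print(r, "disclose now:", may_disclose(r, set()))
```
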