'sensitive' designated revoker -- are the keyservers still aware?
vedaal at hush.com
vedaal at hush.com
Thu Feb 1 21:21:02 CET 2007
David Shaw dshaw at jabberwocky.com wrote on
Thu Feb 1 21:04:27 CET 2007
>The idea behind this is that the relationship
>between the designated revoker and the key owner is sensitive,
> and so we must not reveal the identity designated revoker
>until we absolutely must
>(i.e. when they actually revoke the key).
why must the identity be revealed at all,
if the key-owner who designated the revoker doesn't want it to be?
it doesn't add to the security to know who revoked it,
(whoever it as, it was someone the 'key-owner' decided it should be)
it only compromises the revoker and/or key owner, as the revoker
may become a target to revoke the original key-owner's replacement
key
(n.b.
not a big deal,
just curious as to why it was done this way
there is a very simple workaround for anyone uncomfortable with it:
the designated revoker doesn't have to be a 'person',
it just has to be another 'key'
which can have a fictitious name,
and given to the person who is trusted to do the revoking when
necessary)
vedaal
Concerned about your privacy? Instantly send FREE secure email, no account required
http://www.hushmail.com/send?l=480
Get the best prices on SSL certificates from Hushmail
https://www.hushssl.com?l=485
More information about the Gnupg-users
mailing list