'sensitive' designated revoker -- are the keyservers still aware?

Atom Smasher atom at smasher.org
Thu Feb 1 23:14:22 CET 2007

On Thu, 1 Feb 2007, vedaal at hush.com wrote:

> why must the identity be revealed at all, if the key-owner who 
> designated the revoker doesn't want it to be?
> it doesn't add to the security to know who revoked it, (whoever it as, 
> it was someone the 'key-owner' decided it should be) it only compromises 
> the revoker and/or key owner, as the revoker may become a target to 
> revoke the original key-owner's replacement key

if that's a concern... bob wants to designate alice as a revoker, but bob 
[or alice] doesn't want to reveal that alice is the designated revoker, 
even if his key is revoked. the solution is for bob to generate a 
revocation certificate, encrypt it to alice, and send it to alice with 
instructions about if/when to publish it. this basically serves the same 
purpose, but doesn't necessarily reveal that alice was the designated 

a variation could break the revocation certificate into shares, requiring 
any number of "secret revokers" to assemble the revocation certificate.


  762A 3B98 A3C3 96C9 C6B7 582A B88D 52E4 D9F5 7808

 	"They tell us that we live in a great free republic;
 	 that our institutions are democratic; that we are
 	 a free and self-governing people. That is too much,
 	 even for a joke. Wars throughout history have been
 	 waged for conquest and plunder. And that is war in
 	 a nutshell. The master class has always declared
 	 the wars; the subject class has always fought the
 		-- Eugene V. Debs, 1918
