Kristian Fiskerstrand kristian.fiskerstrand at sumptuouscapital.com
Tue Jan 16 17:47:45 CET 2018

On 01/16/2018 05:26 PM, Peter Lebbing wrote:
> A mechanism where you can have a signed statement saying
> "on 2018-01-16, I allow my key to show up on keyservers", and a signed
> statement saying "from 2018-04-01 on you should no longer expose this
> key to clients"

I'm somewhat interested in hearing how this scheme would work in the
case of a compromised private key. Mainly:

(i) How would you distribute revocation certificates?
(ii) Would you trust a signature for removal of keyblock provided to the
keyserver (a) after a revocation certificate has been added, (b) before a
revocation has been added (as measured on the specific keyserver)?
(iii) iff (ii)(a) and (ii)(b) differ, how would you handle a sync
conflict of said data?

Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk
Public OpenPGP keyblock at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
"If you don't drive your business, you will be driven out of business"
(B. C. Forbes)
