[Top] [All Lists]

Re: Key server preferences

2000-04-05 10:09:38
Another thing the keyservers should allow is importing a key revocation
packet even if the sender is not able to authenticate himself as knowing
the private key.  We used to recommend making a key revocation packet at
creation time so that the key could be revoked even if the passphrase
is forgotten.  It would be important for the server to accept the key
revocation in this circumstance.

(You could argue that since the key revocation packet is signed by the
key, that is proof that it comes from the key holder and hence should
be accepted under a straighforward reading of the rfc.  But then that
would imply that all self-sigs from the key holder should be added,
and that might not always be his intention.)


<Prev in Thread] Current Thread [Next in Thread>