[Top] [All Lists]

Re: Revocation key difficulty

2002-02-27 12:29:19

Hash: SHA1

In my previous message, I mentioned the possibility of changing the
designated revoker language to resolve this issue, but I didn't mean
to recommend that.  In fact, I might argue that the ability to revoke
individual certifications is the only meaningful use of a designated

If I want to limit my designated revoker to flushing my whole
key, I can do that *much* more easily -- I can generate my
own revocation, and encrypt it to my designated revoker.
(If you're so afraid that your designee will lose the thing,
put it in a notation packet in another signature, and
ship it off to a keyserver for archiving. ;-)  Doing it that
way doesn't depend on everyone having my revoker's key for
verification, or even knowing who the revoker might be.
This seems so vastly superior to me that I can't imagine
using the designated revoker facility for this purpose.
(Am I missing something?)

But if I'm in the habit of making dubious signatures, and
want to let someone cancel specific ones, I would need to
give my designee an encrypted revocation certificate for
each of those as well.  Not impossible, but a little more
tedious.  The designated revoker encoding is more compact.

[You might ask: what kind of moron habitually issues questionable
signatures?  Perhaps an automated corporate ID generator.
Why designate a revoker?  You might want to destroy away the
generator's private key periodically, to prevent additional
certifications, but still want to be able to revoke things.
A pretty weak example, but the best I can offer.  Can anyone
else provide a stronger example?]

Version: PGP Personal Privacy 6.5.3