-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
In my previous message, I mentioned the possibility of changing the
designated revoker language to resolve this issue, but I didn't mean
to recommend that. In fact, I might argue that the ability to revoke
individual certifications is the only meaningful use of a designated
revoker.
If I want to limit my designated revoker to flushing my whole
key, I can do that *much* more easily -- I can generate my
own revocation, and encrypt it to my designated revoker.
(If you're so afraid that your designee will lose the thing,
put it in a notation packet in another signature, and
ship it off to a keyserver for archiving. ;-) Doing it that
way doesn't depend on everyone having my revoker's key for
verification, or even knowing who the revoker might be.
This seems so vastly superior to me that I can't imagine
using the designated revoker facility for this purpose.
(Am I missing something?)
But if I'm in the habit of making dubious signatures, and
want to let someone cancel specific ones, I would need to
give my designee an encrypted revocation certificate for
each of those as well. Not impossible, but a little more
tedious. The designated revoker encoding is more compact.
[You might ask: what kind of moron habitually issues questionable
signatures? Perhaps an automated corporate ID generator.
Why designate a revoker? You might want to destroy away the
generator's private key periodically, to prevent additional
certifications, but still want to be able to revoke things.
A pretty weak example, but the best I can offer. Can anyone
else provide a stronger example?]
-----BEGIN PGP SIGNATURE-----
Version: PGP Personal Privacy 6.5.3
iQA/AwUBPH0zU1MkvpTT8vCGEQJf1gCg6KKDIOn7nir+hG6qDuSFxijshIAAnAmx
v9P2qO6mkEVpjgL1XDrks9ia
=aQeV
-----END PGP SIGNATURE-----