-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
From: "David Shaw" <dshaw(_at_)akamai(_dot_)com>
> Even though the standard allows for more, as far as I know, the only
> implementation that does designated revokers is PGP, and it does only
> full key revocations (0x20). GnuPG will start doing designated
A while back, I tested a third-party scenario: (Alice's designated
revoker) Bob revokes Alice's signature of Charlie's key/name. Not only
would PGP not let Bob generate a revocation for a certification
(unless Bob had also signed Alice's key himself), but it wouldn't
recognize one that I manually injected. I don't recall trying
to revoke a self-signature: Bob revokes one of Alice's names (not the key).
Another aspect I didn't test is what PGP does when the designated
revoker's key is not available. I suppose it could check for
revocations with a matching "issuer" hint. (Anyone who could tweak
the hint could destroy the revocation just as easily anyway.)
Does it? If there is a match (but no key), what is the validity decision?
> You'd want a company key to be designated revoker for everyone, but
> storing and keeping track of thousands of revocations is a pain.
Yes, but some pain is required. Something still has to hold onto the
keys themselves, specifically the designated revoker subpackets.
Otherwise, a user could throw away the designation. I think I'd have
enhanced the corporate (key) server rather than complicating the
client validity checking. But the whole V4 upgrade (especially
the "placeholder for backward compatibility" :-) required changes
to client understanding; in for a penny, in for a pound, I suppose.
Anyway, sorry to poke at a dead horse... I'll let it go, now.
-----BEGIN PGP SIGNATURE-----
Version: PGP Personal Privacy 6.5.3
iQA/AwUBPH6R9FMkvpTT8vCGEQI47ACgyMoAd8IWgAFhTwjmc798XoFa3E0AnRv0
5T0Q6Y7gUv60fQY27hWG+MnG
=dpV9
-----END PGP SIGNATURE-----