On Tue, Mar 05, 2002 at 03:43:54PM -0500, Michael Young wrote:
> David Shaw noted this PGP (and now GnuPG) behavior:
> > If the designated revoker's key is not present, then a key "revoked"
> > by the designated revoker key is not treated as revoked. GnuPG - as
> > of this morning - does it the same way.
> I would argue that silently ignoring a missing revoker is a bad default.
> GnuPG is generally very good about issuing warnings (and offering
> options :-). Would you be willing to do so here (at least when
> a potential revocation is present)?
Good idea. I think a warning during key import if a key has a
potential revocation on it is appropriate.
> I know this doesn't thwart would-be attackers. They can always
> remove the revocation itself. A warning would simply help
> recognize that the key is effectively incomplete, and that the
> revoker should be retrieved. (Or, have you adjusted GnuPG to
> automatically retrieve revokers after retrieving a key from a server?)
It doesn't, but that's a good idea as well (to be optional, of
course).
David
--
David Shaw | Technical Lead
<dshaw(_at_)akamai(_dot_)com> | Enterprise Content Delivery
617-250-3028 | Akamai Technologies
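The behaviour discussed in this thread, modelled as an added example (this is not GnuPG or PGP code, and the key structures, fingerprints and the hash-based stand-in for a revocation signature are all constructed for illustration): a key carrying a revocation signature from its designated revoker is treated as revoked only when the revoker's key is in the keyring and the signature verifies; when the revoker's key is missing, the revocation cannot be checked, so the key stays "not revoked" and the check emits the kind of warning Michael asks for, pointing out that the key is effectively incomplete and the revoker's key should be retrieved.

```python
import hashlib
import hmac
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

# Constructed model of OpenPGP designated-revoker handling (not GnuPG code).
# Fingerprints and key material below are made up.


@dataclass
class RevocationSig:
    issuer: str      # fingerprint of the key that made the signature
    target: str      # fingerprint of the key being revoked
    digest: bytes    # toy stand-in for the real asymmetric signature


@dataclass
class Key:
    fingerprint: str
    public_material: bytes                          # stands in for the public key
    designated_revokers: List[str] = field(default_factory=list)   # fingerprints
    revocations: List[RevocationSig] = field(default_factory=list)


def toy_sign_revocation(signer: Key, target: Key) -> RevocationSig:
    # Toy "signature": a hash over the signer's public material and the target.
    # It only models the property that matters here: the signer's key is needed
    # to check it. A real implementation verifies an asymmetric signature.
    h = hashlib.sha256(signer.public_material + target.fingerprint.encode()).digest()
    return RevocationSig(signer.fingerprint, target.fingerprint, h)


def toy_verify(sig: RevocationSig, signer: Key) -> bool:
    expected = hashlib.sha256(signer.public_material + sig.target.encode()).digest()
    return hmac.compare_digest(expected, sig.digest)


def evaluate(key: Key, keyring: Dict[str, Key]) -> Tuple[str, List[str]]:
    """Return (status, warnings); status is 'revoked' or 'not revoked'.

    A revocation by a designated revoker whose key is not in the keyring
    cannot be verified, so it does not revoke the key, but it is reported
    instead of being silently ignored."""
    warnings: List[str] = []
    for sig in key.revocations:
        if sig.issuer == key.fingerprint:
            signer = key                      # self-revocation, always checkable
        elif sig.issuer in key.designated_revokers:
            signer = keyring.get(sig.issuer)
            if signer is None:
                warnings.append(
                    f"key {key.fingerprint}: potential revocation by designated "
                    f"revoker {sig.issuer}, whose key is missing; key is "
                    f"incomplete, retrieve the revoker's key to decide")
                continue
        else:
            warnings.append(
                f"key {key.fingerprint}: revocation from {sig.issuer}, which is "
                f"neither the key owner nor a designated revoker; ignored")
            continue
        if toy_verify(sig, signer):
            return "revoked", warnings
        warnings.append(f"key {key.fingerprint}: revocation by {sig.issuer} failed to verify")
    return "not revoked", warnings


def build_scenario(include_revoker: bool) -> Tuple[Key, Dict[str, Key]]:
    """Constructed keyring: Alice names Bob as designated revoker; Bob revokes Alice's key.

    The keyring contains Bob's key only if include_revoker is True."""
    alice = Key("AAAA1111", b"alice-public-material", designated_revokers=["BBBB2222"])
    bob = Key("BBBB2222", b"bob-public-material")
    alice.revocations.append(toy_sign_revocation(bob, alice))
    keyring = {alice.fingerprint: alice}
    if include_revoker:
        keyring[bob.fingerprint] = bob
    return alice, keyring


if __name__ == "__main__":
    for present in (False, True):
        key, ring = build_scenario(include_revoker=present)
        status, warns = evaluate(key, ring)
        print(f"revoker present={present}: {status}")
        for w in warns:
            print("  warning:", w)
```

An import-time check built this way would also be the natural place to hook the optional "fetch the revoker's key from the keyserver" step the thread suggests: the warning names exactly which fingerprint is missing.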