Jon Callas <joncallas(_at_)icloud(_dot_)com> wrote:
>> On Aug 23, 2019, at 11:05 AM, Michael Richardson <mcr+ietf(_at_)sandelman(_dot_)(_dot_)ca> wrote:
>>
>> Has anyone given any thought to this?
>>
>> I suppose it might also apply to "does not work here anymore"
> Yes, as others have said, designated revokers and reason-for-revocation
> are part of this, as would be even human-readable notations.
> In PGP, we had key-splitting and those one could with that product
> key-split a revoker key. It was an obvious use case for us, even.
The designated revoker seems to require advance planning, as does the
key-splitting. People rarely do advance planning on accidental death, nor
on getting fired.
--
] Never tell me the odds! | ipv6 mesh networks [
] Michael Richardson, Sandelman Software Works | IoT architect [
] mcr(_at_)sandelman(_dot_)ca http://www.sandelman.ca/ | ruby on rails [
_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp