Hello!

> -----Original Message-----
> If this is what happened, that means that when one has obtained the
> revocation certificate, it is possible to revoke the corresponding key
> in one's own keyserver, without the intervention of the certificate's
> issuer, and I believe that is detailed in GnuPG documentation. This is
> why revocation certificates must be carefully saved and protected in the
> issuer's system, until such time the user him/herself needs to apply the
> certificate.

Exactly. One should not send out one's revocation certificate to the world, as anybody can revoke the key with it (and then upload it to the keyservers). In this actual case it doesn't matter, as the key is to be revoked anyway.

> Wouldn't it be "better" if the actual application of the revocation
> certificate would be conditioned to the use of the key's passphrase,
> thus limiting the revocation certificate's application to the key's
> owner only?

IMHO not. One of the purposes of a revocation-certificate is to give you the chance to make the key unusable if you have *forgotten* your passphrase.

btw, the GnuPG documentation explicitly details the process how to revoke a key:
http://www.gnupg.org/(en)/documentation/faqs.html#q4.17

cu, Paeniteo