On Thu, Feb 01, 2007 at 11:23:58AM -0800, snowcrash+gnupg-users wrote:
> if i've added a designated revoker to a key, WITH the 'sensitive' flag.
>
> am i correct that:
>
> (1) the 'sensitive' flag prevents the *export* of the add'l/designated
> revoker's key
> (2) the keyservers still learn/know that there IS a designated
> revoker, AND its KeyID/UID
Not exactly. When exporting a key that has a sensitive designated revoker set, the key is exported, but the designated revoker information is not included. Anyone looking at the key from the outside cannot tell the difference between this state and no designated revoker set at all.

However, if the designated revoker has in fact revoked the key, then the designated revoker information IS included, along with the revocation. The idea behind this is that the relationship between the designated revoker and the key owner is sensitive, and so we must not reveal the identity of the designated revoker until we absolutely must (i.e. when they actually revoke the key).

Note that there is an option "export-sensitive-revkeys" which tells GPG to export the designated revoker information even if the key isn't revoked. This essentially pretends that the "sensitive" flag is not set. Under normal circumstances, you don't want to do this.

David

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
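The behaviour David describes can be checked directly. The script below is an added example, not part of the thread and not GnuPG's own documentation: it builds a throwaway keyring, generates a revoker key and an owner key that names that revoker with the "sensitive" flag (via the `Revoker: algo:fpr sensitive` parameter of unattended key generation), and then looks at what `--export` actually emits, with and without `export-sensitive-revkeys`. It assumes a GnuPG 2.x `gpg` on PATH; the two identities are constructed for the demo.

```shell
#!/bin/sh
# Added example (not from the original mail): shows that a "sensitive"
# designated revoker is left out of a plain --export, while the local
# keyring and an export with export-sensitive-revkeys both carry it.
# Assumes GnuPG 2.x on PATH. Identities below are constructed.
set -e
command -v gpg >/dev/null 2>&1 || { echo 'gpg not found on PATH' >&2; exit 0; }

GNUPGHOME=$(mktemp -d)
export GNUPGHOME
trap 'gpgconf --kill gpg-agent 2>/dev/null; rm -rf "$GNUPGHOME"' EXIT

# Unattended key generation. $1 = Name-Real, $2 = Name-Email, any further
# arguments are extra parameter lines. %no-protection avoids passphrase prompts.
gen_key() {
    name=$1; email=$2; shift 2
    {
        printf '%%no-protection\nKey-Type: RSA\nKey-Length: 2048\n'
        printf 'Name-Real: %s\nName-Email: %s\nExpire-Date: 0\n' "$name" "$email"
        for extra in "$@"; do printf '%s\n' "$extra"; done
        printf '%%commit\n'
    } | gpg --batch --quiet --gen-key
}

# Fingerprint (fpr record, field 10) and public-key algorithm id (pub record,
# field 4) of a key, taken from the colon listing.
fpr_of()  { gpg --batch --with-colons --list-keys --fingerprint "$1" | awk -F: '/^fpr/ { print $10; exit }'; }
algo_of() { gpg --batch --with-colons --list-keys "$1" | awk -F: '/^pub/ { print $4; exit }'; }

# Prints "present" if the exported key for $1 contains a revocation-key
# signature subpacket (what --list-packets shows as "revocation key:"),
# "absent" otherwise. Extra arguments go to gpg before --export.
revkey_in_export() {
    uid=$1; shift
    if gpg --batch --quiet "$@" --export "$uid" \
        | gpg --batch --list-packets 2>&1 | grep -q 'revocation key'; then
        echo present
    else
        echo absent
    fi
}

# Prints "present" if the local keyring lists a designated revoker
# (an "rvk" record) for $1, "absent" otherwise.
revkey_in_keyring() {
    if gpg --batch --with-colons --list-keys "$1" | grep -q '^rvk:'; then
        echo present
    else
        echo absent
    fi
}

# 1. The revoker's own key; 2. the owner's key appointing it as a sensitive revoker.
setup_keys() {
    gen_key 'Constructed Revoker' revoker@example.test
    gen_key 'Constructed Owner' owner@example.test \
        "Revoker: $(algo_of revoker@example.test):$(fpr_of revoker@example.test) sensitive"
}

setup_keys
LOCAL=$(revkey_in_keyring owner@example.test)
PLAIN=$(revkey_in_export owner@example.test)
FORCED=$(revkey_in_export owner@example.test --export-options export-sensitive-revkeys)
echo "local keyring knows the revoker:      $LOCAL"
echo "plain export carries the revoker:     $PLAIN"
echo "export-sensitive-revkeys carries it:  $FORCED"
```

Expected outcome: the owner's own keyring shows an `rvk` record, the plain export contains no revocation-key subpacket at all (so a keyserver receiving it learns nothing about the revoker, answering question 2), and only the export with `export-sensitive-revkeys` carries it. The third state David mentions, where the revoker has actually issued a designated revocation (`gpg --desig-revoke`, an interactive command), is not exercised here.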