David Shaw dshaw at jabberwocky.com wrote on Thu Feb 1 21:04:27 CET 2007 >The idea behind this is that the relationship >between the designated revoker and the key owner is sensitive, > and so we must not reveal the identity designated revoker >until we absolutely must >(i.e. when they actually revoke the key).
why must the identity be revealed at all, if the key-owner who designated the revoker doesn't want it to be? it doesn't add to the security to know who revoked it, (whoever it as, it was someone the 'key-owner' decided it should be) it only compromises the revoker and/or key owner, as the revoker may become a target to revoke the original key-owner's replacement key (n.b. not a big deal, just curious as to why it was done this way there is a very simple workaround for anyone uncomfortable with it: the designated revoker doesn't have to be a 'person', it just has to be another 'key' which can have a fictitious name, and given to the person who is trusted to do the revoking when necessary) vedaal Concerned about your privacy? Instantly send FREE secure email, no account required http://www.hushmail.com/send?l=480 Get the best prices on SSL certificates from Hushmail https://www.hushssl.com?l=485 _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
