> When exporting a key that has a sensitive designated > revoker set, the key is exported, but the designated revoker > information is not included. Anyone looking at the key from the > outside cannot tell the difference between this state, and no > designated revoker set at all. However, if the designated revoker has > in fact revoked the key, then the designated revoker information IS > included, along with the revocation. > > The idea behind this is that the relationship between the designated > revoker and the key owner is sensitive, and so we must not reveal the > identity designated revoker until we absolutely must (i.e. when they > actually revoke the key).
that, actually, is what i was hoping to hear/learn. :-) thanks for the clarification! _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
