> On 18 Jul 2019, at 17:46, Todd Fleisher <t...@fleetstreetops.com> wrote:
>
> "Unfortunately, there is currently no good way to distribute revocations that doesn't also reveal the revoked identity itself. We don't want to distribute revoked identities, so we can't distribute the identity at all."
We can kill two birds with one stone here, using two simple extensions-by-convention of the protocol.

A key owner can (preferably automatically) create a “self-identity” on her primary key consisting of a well-known string that contains no personal information. To avoid breaking legacy search-by-id systems this string should be unique to the primary key. I suggest using “fpr:00000000000000000000000000000000000”, where the zeros are replaced by the fingerprint of the key.

The self-identity (and any revocations on it) can then be safely distributed by keystores that would otherwise refuse to distribute personal info. A recipient can then infer from revocation of the self-identity that the primary key itself has been revoked (and by extension all associated identities, whether published or not).

A

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
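The recipient-side inference described above, as an added example that is not part of the original post and not GnuPG's own code. It assumes the convention exactly as proposed (a user ID of the form `fpr:<fingerprint>` on the primary key, whose revocation is read as revocation of the primary key) and works over constructed sample data laid out like `gpg --with-colons --list-keys` output; the key material, user-ID hashes and timestamps are made up. Two details a practitioner would want handled: colons inside a user ID are escaped as `\x3a` in colon-separated listings, so the self-identity has to be unescaped before comparison, and a `fpr:` user ID naming some other key's fingerprint is not this key's self-identity and is not accepted as a revocation signal.

```python
"""Infer primary-key revocation from a revoked "fpr:<fingerprint>" self-identity.

Added example for the self-identity convention proposed in the post; not code
from the post or from GnuPG. SAMPLE_LISTING is constructed data in the layout
of `gpg --with-colons --list-keys`: field 2 of a uid record is the validity
flag ("r" = revoked), field 10 is the user ID with colons escaped as \\x3a.
"""
import re

SELF_ID_PREFIX = "fpr:"

# Constructed sample listing: three primary keys, none of them real.
#  - key 1 carries a revoked self-identity plus an ordinary identity
#  - key 2 carries a live (unrevoked) self-identity only
#  - key 3 carries no self-identity at all
SAMPLE_LISTING = """\
pub:-:3072:1:0123456789ABCDEF:1563465600:::-:::scESC::::::23::0:
fpr:::::::::0123456789ABCDEF0123456789ABCDEF01234567:
uid:r::::1563465600::AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA::fpr\\x3a0123456789ABCDEF0123456789ABCDEF01234567::::::::::0:
uid:-::::1563465600::BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB::Alice <alice@example.org>::::::::::0:
sub:-:3072:1:89ABCDEF01234567:1563465600::::::e::::::23:
fpr:::::::::89ABCDEF0123456789ABCDEF0123456789ABCDEF:
pub:-:3072:1:FEDCBA9876543210:1563465600:::-:::scESC::::::23::0:
fpr:::::::::FEDCBA9876543210FEDCBA9876543210FEDCBA98:
uid:-::::1563465600::CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC::fpr\\x3aFEDCBA9876543210FEDCBA9876543210FEDCBA98::::::::::0:
pub:-:3072:1:1111111111111111:1563465600:::-:::scESC::::::23::0:
fpr:::::::::1111111111111111111111111111111111111111:
uid:-::::1563465600::DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD::Bob <bob@example.org>::::::::::0:
"""


def self_identity_for(fingerprint: str) -> str:
    """Return the convention's self-identity user ID for a primary-key fingerprint."""
    fpr = fingerprint.replace(" ", "").upper()
    if not re.fullmatch(r"[0-9A-F]{40}", fpr):
        raise ValueError("expected a 40-hex-digit OpenPGP v4 fingerprint")
    return SELF_ID_PREFIX + fpr


def _unescape_colon_field(value: str) -> str:
    """Undo the \\xHH escaping gpg applies to field contents in --with-colons mode."""
    return re.sub(r"\\x([0-9A-Fa-f]{2})", lambda m: chr(int(m.group(1), 16)), value)


def parse_colon_listing(text: str) -> list:
    """Group a --with-colons listing into {fpr, uids} records, one per primary key."""
    keys = []
    current = None
    for line in text.splitlines():
        fields = line.split(":")
        rtype = fields[0]
        if rtype == "pub":
            current = {"fpr": None, "uids": []}
            keys.append(current)
        elif rtype == "fpr" and current is not None and current["fpr"] is None:
            # The first fpr record after pub is the primary key; later ones belong to subkeys.
            current["fpr"] = fields[9]
        elif rtype == "uid" and current is not None:
            current["uids"].append(
                {"revoked": fields[1] == "r", "uid": _unescape_colon_field(fields[9])}
            )
    return keys


def self_identity_status(key: dict) -> str:
    """Classify a key by the state of its own self-identity.

    "revoked": self-identity present and revoked; by the convention the primary key
               (and every identity on it, published or not) is treated as revoked.
    "valid":   self-identity present and not revoked.
    "absent":  no self-identity for this key's fingerprint, so nothing can be inferred.
    A "fpr:" user ID naming a different fingerprint is ignored: it is not this key's
    self-identity and must not be taken as a revocation signal for it.
    """
    expected = self_identity_for(key["fpr"])
    for entry in key["uids"]:
        if entry["uid"] == expected:
            return "revoked" if entry["revoked"] else "valid"
    return "absent"


if __name__ == "__main__":
    for key in parse_colon_listing(SAMPLE_LISTING):
        print(key["fpr"], self_identity_status(key))
```

Running the module prints one status per key; the first sample key comes out `revoked`, the second `valid`, the third `absent`. The tri-state matters because the convention only licenses an inference when the self-identity exists: a key that never published one gives the recipient no revocation signal either way.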