On 01/16/2018 05:26 PM, Peter Lebbing wrote:
> A mechanism where you can have a signed statement saying
> "on 2018-01-16, I allow my key to show up on keyservers", and a signed
> statement saying "from 2018-04-01 on you should no longer expose this
> key to clients"

I'm somewhat interested in hearing how this scheme would work in the case of a compromised private key. Mainly;

(i) How would you distribute revocation certificates
(ii) Would you trust a signature for removal of keyblock provided to the keyserver
    (a) after a revocation certificate has been added
    (b) before a revocation has been added (as measured on the specific keyserver).
(iii) iff (ii)(a) and (ii)(b) differ; how would you handle a sync conflict of said data?

-- 
----------------------------
Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk
----------------------------
Public OpenPGP keyblock at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
----------------------------
"If you don't drive your business, you will be driven out of business"
(B. C. Forbes)
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users