I was just reading gpg(1) and i noticed this section within --keyserver-options:

> include-revoked
> When searching for a key with --search-keys, include keys
> that are marked on the keyserver as revoked. Note that
> not all keyservers differentiate between revoked and
> unrevoked keys, and for such keyservers this option is
> meaningless. Note also that most keyservers do not have
> cryptographic verification of key revocations, and so
> turning this option off may result in skipping keys that
> are incorrectly marked as revoked.

I'm particularly curious about the last sentence, as it suggests that a
basic cryptographic check ("was this revocation certificate produced by
that key?") is not present in most keyservers.

Is this true of SKS? I haven't tested posting a falsified revocation
certificate yet (which i should probably test anyway), but i was curious
what the folks who know the code better than i do expect to happen were
such a certificate uploaded to an SKS keyserver.

Any thoughts? Or is this note in gpg(1) out of date?

--dkg

_______________________________________________
Sks-devel mailing list
[email protected]
http://lists.nongnu.org/mailman/listinfo/sks-devel
