User: Password:
Subscribe / Log in / New account

STEED: End-to-end email encryption

STEED: End-to-end email encryption

Posted Nov 2, 2011 8:26 UTC (Wed) by dd9jn (subscriber, #4459)
In reply to: STEED: End-to-end email encryption by micah
Parent article: STEED: End-to-end email encryption

Revocations in OpenPGP work by updating the public key (e.g. from a keyserver). Thus the keyservers obviously support this kind of revocations - it is nothing more than an updated key. However, if you look at the response times of keyservers you will notice a delay of some seconds. This is too long for regular revocation checks. Further, most gpg frontends don't even have an easy way to generate a revocation and send it to the keyservers.

It is also impossible to remove a key from a keyserver - that is by design and we can't do anything about it. Now with DNS, it is pretty simple to remove the key. In our proposed trust model this removal is also used as an equivalent to a key revocation. Sure, anyone can simply put copies of the keys on keyservers etc - but that is not the point.

(Log in to post comments)

Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds