Steve Langasek <firstname.lastname@example.org> writes:

> AFAIK, "revocation certificate" should always be used to refer to the
> revocation of a key, not of a signature.

I explicitly wrote "revoking certification", not "revoking keys". :-)

> If a signature on a key is revoked, it is possible to sign the key
> again later; but if a key is revoked, I don't know of any software
> that will let you un-revoke the key (and this is how it should be).

Of course, that's right. And it is completely out of the question to
force an ex-developer to revoke his key.

>> I don't think it's a good idea to express trust by membership in the
>> Debian keyring. Why can't we use bare OpenPGP for that?

> PGP gives you authentication only.

I don't know about PGP, but OpenPGP does offer a bit more than that.
For example, you can certify keys so that they become trusted
introducers automatically for someone who has sufficient trust in the

> The way the system recognizes authorized users is through the
> presence of their key in the ring.

You can express authorization by certification, together with the

Florian Weimer Weimer@CERT.Uni-Stuttgart.DE
University of Stuttgart http://CERT.Uni-Stuttgart.DE/people/fw/
RUS-CERT +49-711-685-5973/fax +49-711-685-5898