key revocation
David Shaw
dshaw at jabberwocky.com
Thu May 13 13:53:10 CEST 2004
On Thu, May 13, 2004 at 02:13:00AM -0400, Atom 'Smasher' wrote:
> according to my reading of rfc 2440, a key revocation is only valid if
> either:
> a) it was generated by the PRIMARY key, or
> b) it was generated by a key DESIGNATED by the PRIMARY key
>
> q1 - is that correct?
Yes.
> q2 - are there any (broken?) applications that will accept a revocation
> key generated by a subkey as valid?
Both PGP and GnuPG allow designating a subkey as a revocation key. In
such a case, a subkey can issue a revocation.
David
More information about the Gnupg-users
mailing list