* revoke.c (gen_desig_revoke): Lots more comments about including

sensitive revkeys along with the revocation sig itself. * keyserver.c (parse_keyserver_options): Simpler implementation that can skip one pass over the options.
2025-07-02 22:46:30 +02:00 · 2002-07-22 17:52:02 +00:00 · 2002-07-22 17:52:02 +00:00 · b65aced7b2
commit b65aced7b2
parent 5190d70423
3 changed files with 33 additions and 15 deletions
--- a/g10/revoke.c
+++ b/g10/revoke.c
@ -229,9 +229,20 @@ gen_desig_revoke( const char *uname )
 	    }

 	    /* Include the direct key signature that contains this
-               revocation key.  We're allowed to include sensitive
-               revocation keys along with a revocation, and this may
-               be the only time the recipient has seen it. */
+	       revocation key.  We're allowed to include sensitive
+	       revocation keys along with a revocation, and this may
+	       be the only time the recipient has seen it.  Note that
+	       this means that if we have multiple different sensitive
+	       revocation keys in a given direct key signature, we're
+	       going to include them all here.  This is annoying, but
+	       the good outweighs the bad, since without including
+	       this a sensitive revoker can't really do their job.
+	       People should not include multiple sensitive revocation
+	       keys in one signature: 2440 says "Note that it may be
+	       appropriate to isolate this subpacket within a separate
+	       signature so that it is not combined with other
+	       subpackets that need to be exported." -dms */
+
 	    while(!revsig)
 	      {
 		KBNODE signode;