
Revocation in OpenPGP

Document Type: Expired Internet-Draft (individual); Expired & archived
Author: Daniel Kahn Gillmor
Last updated: 2024-02-18 (Latest revision 2023-08-17)
RFC stream: (None)
Intended RFC status: (None)
Additional resources: GitLab Repository, Mailing List, Mailing List Archive
Stream state: (No stream defined)
Consensus boilerplate: Unknown
RFC Editor Note: (None)
IESG state: Expired
Telechat date: (None)
Responsible AD: (None)
Send notices to: (None)

This Internet-Draft is no longer active.


Cryptographic revocation is a hard problem. OpenPGP's revocation mechanisms are imperfect, not fully understood, and not as widely implemented as they could be. Additionally, some historical OpenPGP revocation mechanisms simply do not work in certain contexts. This document provides clarifying guidance on how OpenPGP revocation works, documents outstanding problems, and introduces a new mechanism for delegated revocations that improves on the previous mechanism.


Daniel Kahn Gillmor

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)