Bill Stewart wrote:
[...]
Key revocation certificates don't leak your private keys, so the only risk if the Bad Guys get a copy is denial of service, including the pain of rebuilding all your connections, etc.;
I concur. Depending on your application (it always depends on your application), it's probably better to risk a spurious revocation than an interception. You needn't completely lose your connection to the web of trust, either. I've already generated a "next" key signed by my current key, just in case. No, the path server won't follow revoked keys, but someone not yet in possession of the revocation certificate is somewhat more likely to accept a message from someone with a key signed by your old key and in possession of the revocation certificate.

-rich