monkeysphere-host revoke-key should now be capable of publishing the

revocation certificate to the keyservers directly, should the admin
want that.

It can also run without prompting, if MONKEYSPHERE_PROMPT=false.  In
the no-prompts case, it never publishes to the keyserver, it indicates
that the key was compromised, and it writes a boilerplate description
to make it easy to identify this kind of certificate.

1 files changed, 8 insertions, 6 deletions

diff --git a/man/man8/monkeysphere-host.8 b/man/man8/monkeysphere-host.8
index 2ccaaec..0a9fc1b 100644
--- a/man/man8/monkeysphere-host.8
+++ b/man/man8/monkeysphere-host.8
@@ -62,15 +62,17 @@ in place of `revoke-hostname'.
 Add a revoker to the host's OpenPGP key.  The key ID will be loaded
 from the keyserver.  A file may be loaded instead of pulling the key
 from the keyserver by specifying the path to the file as the argument,
-or by specifying `-` to load from stdin.  `o' may be be used in place
+or by specifying `-` to load from stdin.  `r+' may be be used in place
 of `add-revoker'.
 .TP
 .B revoke-key
-Revoke the host's OpenPGP key.  This will ask you a series of
-questions, and then generate a key revocation certificate on standard
-out.  If you publish this revocation certificate to the public
-keyservers, your host key will be permanently revoked.  `r' may be
-used in place of `revoke-key'.
+Generate (with the option to publish) a revocation certificate for the
+host's OpenPGP key.  If such a certificate is published, your host key
+will be permanently revoked.  This subcommand will ask you a series of
+questions, and then generate a key revocation certificate, sending it
+to stdout.  If you explicitly tell it to publish the revocation
+certificate immediately, it will send it to the public keyservers.
+USE WITH CAUTION!
 .TP
 .B publish-key
 Publish the host's OpenPGP key to the keyserver.  `p' may be used in