31

After revoking a key and sending the revocation to MIT's keyserver, I noticed that the key is listed as such:

pub  2048R/XXXXXXXX 2011-01-01 *** KEY REVOKED *** [not verified]

Who is responsible for the 'verification of the revocation'? Does the owner of the key do this verification? If so, how is this accomplished? Do other people sign the revocation and at a certain point it becomes verified?

Mike Edward Moras
earthmeLon

2 Answers

10

How does one verify a key revocation?

As Jon Callas already stated: you simply don’t.

In case a different wording helps, here’s a quote related to the exact same question… https://lists.gnupg.org/pipermail/gnupg-users/2014-February/049100.html

I revoked my key and on the public key server it says: "* KEY REVOKED * [not verified]" Why does it say that revocation is not verified?

That probably refers to the point that the keyservers don't do crypto checks. It means: There is a packet which looks like a key revocation but it could be forged. If an OpenPGP application downloads the key from the server then it does a signature check.

Mike Edward Moras
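The "packet which looks like a key revocation" in that quote is an OpenPGP signature packet whose type octet is 0x20, and the keyserver's label records nothing more than its presence. As an added example (not from this answer, the mailing list post or GnuPG), this Python walks the RFC 4880 packets of a constructed key block and reports the revocation signatures it finds; the sample bytes are constructed and carry no valid signature, which is exactly why the check has to happen in the downloading client.

```python
# Added example, not GnuPG code: a minimal RFC 4880 packet walker that
# reports revocation signature packets, i.e. all a keyserver sees before
# it prints *** KEY REVOKED *** [not verified].

SIG_TYPES = {0x20: "key revocation", 0x28: "subkey revocation",
             0x30: "certification revocation"}

def parse_packets(blob):
    """Return (tag, body) for each packet; old- and new-format headers.
    Partial and indeterminate lengths are rejected, not mis-parsed."""
    i, packets = 0, []
    while i < len(blob):
        ctb = blob[i]
        if not ctb & 0x80:
            raise ValueError(f"not a packet header at offset {i}")
        if ctb & 0x40:                       # new-format header
            tag, first = ctb & 0x3F, blob[i + 1]
            if first < 192:
                length, hdr = first, 2
            elif first < 224:
                length, hdr = ((first - 192) << 8) + blob[i + 2] + 192, 3
            elif first == 255:
                length, hdr = int.from_bytes(blob[i + 2:i + 6], "big"), 6
            else:
                raise ValueError("partial body length not supported")
        else:                                # old-format header
            tag, ltype = (ctb >> 2) & 0x0F, ctb & 0x03
            if ltype == 3:
                raise ValueError("indeterminate length not supported")
            n = (1, 2, 4)[ltype]
            length, hdr = int.from_bytes(blob[i + 1:i + 1 + n], "big"), 1 + n
        body = blob[i + hdr:i + hdr + length]
        if len(body) != length:
            raise ValueError("truncated packet")
        packets.append((tag, body))
        i += hdr + length
    return packets

def revocation_signatures(blob):
    """Names of v4 revocation signatures present in the key block."""
    return [SIG_TYPES[body[1]] for tag, body in parse_packets(blob)
            if tag == 2 and len(body) > 1 and body[0] == 4 and body[1] in SIG_TYPES]

# Constructed sample: v4 RSA public key, user ID and a type 0x20 signature
# packet whose MPI is filler: no valid signature, yet "revoked" on a server.
SAMPLE_KEY_BLOCK = (
    bytes([0xC6, 0x0C, 0x04, 0x4D, 0x1E, 0x4A, 0x80, 0x01, 0x00, 0x08, 0xA1, 0x00, 0x02, 0x03])
    + bytes([0xCD, 0x11]) + b"alice@example.org"
    + bytes([0xC2, 0x0D, 0x04, 0x20, 0x01, 0x08, 0x00, 0x00, 0x00, 0x00, 0xAB, 0xCD, 0x00, 0x01, 0x01]))
```

A client such as GnuPG goes one step further than this walker: it verifies the signature in that packet against the primary key (or the designated revoker's key) before it treats the key as revoked.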
8

No, the user of the key does. A revocation is issued by the key itself, or by a designated revoker, which is some different key.

If I am going to encrypt to you, I look at the key before I do, and I look to see if your key is revoked. Similarly, if I am verifying a signature your key made, I look to see if the key is revoked.

Jon Callas