[EMAIL PROTECTED] wrote: David Shaw <[EMAIL PROTECTED]> wrote: > On Mon, Jun 11, 2007 at 10:24:23PM +0530, Hardeep Singh wrote: >> Hi >> >> When a key is revoked using the revocation certificate, does it have >> the same effect as reaching the expiry date of the key? In other words >> if I set a key to no expire but generate a revocation certificate, it >> is equally safe? > > They're similar, but different. A key that has reached its expiration > date is not usable, but a new expiration date can be put on it that > makes the key usable again. A key that has been revoked cannot be > easily un-revoked. > > Note that I'm talking about whole keys here. It is possible to > un-revoke a revoked user ID on a key.
How do you unrevoke a key, especially if it is on the keyservers? I can think of making a backup of the key, revoking it and then sending the revocation to the keyservers, then unpacking the non- revoked folder, extending the date, and squirreling that away in some safe deposit box just in case I need it some time in the future. Once you are pretty sure you will never need it again you can destroy the backup. But that means it is only unrevoked for myself. Was that what you meant? But more to the point, what would most people prefer for somebody else to do when they no longer intend to use a key, especially if it is on the keyservers - allow it to expire or revoke it with some message like "key deprecated"? This is more along the line of human usability and preferences, not technical. I am assuming from what has been said that most people want the key revoked, rather than just allowing it to elapse and expire like Johannes Ullrich does. Any opinions? HHH -- Why hack in when you can drive in on Hwys. 80, 110, 194, 220, 443, 993, 994 & 995? _______________________________________________ Gnupg-users mailing list [email protected] http://lists.gnupg.org/mailman/listinfo/gnupg-users
