On Friday 17 January 2014 13:28:50 Hauke Laging wrote:
> IIRC then GnuPG accepts a later self-signature (overriding the
> revocation). IMHO that makes most sense. As long as the mainkey isn't
> revoked or expired why shouldn't one "change one's mind"?

Wouldn't that have huge implications for the security(*) of the whole system?

If the revocation is a final act, as long as I can make sure that the revocation certificate reaches my communication partners I can be sure that nobody can compromise the key and "reenable" it and start impersonating me.

If, however, the revocation is only a temporary act until a newer self-signature supersedes it, it would be almost impossible to effectively and permanently revoke a key. One would either (as long as the private key is not yet compromised) have to destroy the private key, or make sure that all communication partners somehow prevent the key from receiving further updates...

Johannes

(*) please excuse the blanket-use of the term
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users