On 13/10/14 21:45, MFPA wrote:
> I would have thought "the whole thing with UID's and signatures and so
> on" was exactly what was being revoked by means of a revocation
> certificate.

Yes, everything is revoked. But that is implicit. What the revocation actually revokes is the actual primary key itself. It revokes the same part that the fingerprint is computed over. Mathematically, it is computed over the numbers that make up the primary public key and its creation time. So no matter what UID's or signatures are later added (or already existed), from the moment the revocation certificate is published and combined with the primary public key, that public key can never be used again.

Remember that the original question was: do I need a new revocation certificate when I add UID's? The answer to that is: no, because the revocation certificate is not computed over the UID's and hence doesn't change. So in that sense the revocation certificate is not bound to the UID's as I stated. However, it does also revoke the UID's in the sense you mean.

Does this make sense?

HTH,

Peter.

--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>
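The point made in the reply above, as an added example that is not part of the original message or of GnuPG's code: it follows the RFC 4880 hashing layout for a v4 fingerprint, a key revocation signature (type 0x20) and a user ID certification (type 0x13). The key, timestamps and user IDs are constructed sample values, and the signature trailer is simplified to a single creation-time subpacket.

```python
import hashlib
import struct

def mpi(n):
    """OpenPGP multiprecision integer: 2-octet bit count, then big-endian bytes."""
    bits = n.bit_length()
    return struct.pack(">H", bits) + n.to_bytes((bits + 7) // 8, "big")

def pubkey_body(created, n, e):
    """v4 RSA public-key packet body: version, creation time, algorithm 1, n, e."""
    return b"\x04" + struct.pack(">I", created) + b"\x01" + mpi(n) + mpi(e)

def key_octets(body):
    """Key material as hashed for fingerprints and signatures: 0x99, length, body."""
    return b"\x99" + struct.pack(">H", len(body)) + body

def fingerprint(key):
    return hashlib.sha1(key_octets(key["body"])).hexdigest().upper()

def trailer(sig_type, sig_time):
    """Hashed part of a v4 signature (RSA, SHA-256, one subpacket) plus final trailer."""
    sub = b"\x05\x02" + struct.pack(">I", sig_time)  # signature creation time
    hashed = bytes([4, sig_type, 1, 8]) + struct.pack(">H", len(sub)) + sub
    return hashed + b"\x04\xff" + struct.pack(">I", len(hashed))

def revocation_digest(key, sig_time):
    """Type 0x20 key revocation: primary key, then trailer; key["uids"] is never read."""
    return hashlib.sha256(key_octets(key["body"]) + trailer(0x20, sig_time)).hexdigest()

def uid_cert_digest(key, uid, sig_time):
    """Type 0x13 certification: the key, then 0xB4 + length + user ID, then trailer."""
    uid_part = b"\xb4" + struct.pack(">I", len(uid)) + uid
    data = key_octets(key["body"]) + uid_part + trailer(0x13, sig_time)
    return hashlib.sha256(data).hexdigest()

# Constructed sample key (toy modulus, not a real key) and constructed user IDs.
N = (2**127 - 1) * (2**89 - 1)
key = {"body": pubkey_body(1350000000, N, 65537), "uids": [b"Alice <alice@example.org>"]}
fpr_before = fingerprint(key)
rev_before = revocation_digest(key, 1350000100)

key["uids"].append(b"Alice <alice@example.net>")  # UID added after the certificate was made
print("fingerprint unchanged:", fingerprint(key) == fpr_before)
print("revocation digest unchanged:", revocation_digest(key, 1350000100) == rev_before)
print("per-UID certification digests differ:",
      uid_cert_digest(key, key["uids"][0], 1350000100)
      != uid_cert_digest(key, key["uids"][1], 1350000100))
```

Changing the creation time or the key numbers passed to `pubkey_body` changes both the fingerprint and the revocation digest, which is why a stored revocation certificate stays valid only for that exact primary key.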
