How Revoke an "Unrevokeable" Key
vedaal at hush.com
Fri Nov 23 19:52:48 CET 2007
On 2007-11-23 Kara wrote:
> I have one very, very poor possibility that you might consider -- it
> won't solve your problem but is perhaps somewhat better than nothing:
>
> 1. Create a new key and include as a comment: Replaces 0x12345678
>
> Then make a revocation certificate for the new key,
> make a backup of the new key, *and then and only then*:
>
> a. Use that new key to sign all userIDs on 0x12345678.
>
> b. Then upload 0x12345678 to a public keyserver.
>
> c. Then, if you wish -- upload your "new" key to a
> public keyserver.

the problem with this is,
that *anybody* pretending to be you,
can 'also' do this,
and create impostor keys

so, in order for this to be meaningful,
it is even more 'tedious'
as it will require all those who 'trusted' the previous key that needs to be revoked,
to 'trust' the new replacement key, and sign it,
(something that would not be done for an impostor's key)
and then add to the comment,
"signed by all keys who signed original key 0x12345678"

if 'no one' signed the original key,
then this is much less of a problem,
as no one trusted it enough yet,
so just use the 'new' key without any comments,
and eventually people will begin to 'trust' that one,
and ignore the previous one

vedaal
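
The check described in the reply above, as an added example that is not part of the original message: given key listings in the format of `gpg --check-sigs --with-colons`, it reports which third-party signers of the old key have not signed each claimed replacement. The key IDs, names and listing are constructed, and the function names are hypothetical.

```python
# Constructed input in the format of `gpg --check-sigs --with-colons`;
# every key ID and name below is made up for this example.
OLD, GENUINE, IMPOSTOR = "1111111112345678", "2222222222222222", "3333333333333333"
SAMPLE = """\
pub:-:1024:17:1111111112345678:1100000000:::-:::scESC:
uid:-::::1100000000::::Kara <kara@example.org>:
sig:!::17:1111111112345678:1100000000::::Kara <kara@example.org>:13x:
sig:!::17:AAAAAAAAAAAAAA01:1150000000::::Alice <alice@example.org>:10x:
sig:!::17:BBBBBBBBBBBBBB02:1150000001::::Bob <bob@example.org>:10x:
sig:!::1:2222222222222222:1195840000::::Kara (Replaces 0x12345678) <kara@example.org>:10x:
sig:!::1:3333333333333333:1195850000::::Kara (Replaces 0x12345678) <kara@example.org>:10x:
pub:-:2048:1:2222222222222222:1195839000:::-:::scESC:
uid:-::::1195839000::::Kara (Replaces 0x12345678) <kara@example.org>:
sig:!::1:2222222222222222:1195839000::::Kara (Replaces 0x12345678) <kara@example.org>:13x:
sig:!::17:AAAAAAAAAAAAAA01:1195900000::::Alice <alice@example.org>:10x:
sig:!::17:BBBBBBBBBBBBBB02:1195900001::::Bob <bob@example.org>:10x:
pub:-:2048:1:3333333333333333:1195849000:::-:::scESC:
uid:-::::1195849000::::Kara (Replaces 0x12345678) <kara@example.org>:
sig:!::1:3333333333333333:1195849000::::Kara (Replaces 0x12345678) <kara@example.org>:13x:
sig:!::17:DDDDDDDDDDDDDD04:1195900002::::Unrelated <other@example.org>:10x:
"""
CERT_CLASSES = {"10", "11", "12", "13"}  # OpenPGP user-ID certification types

def good_signers(colons_output):
    """Return {primary key ID: set of other key IDs with a verified certification on it}."""
    signers, current = {}, None
    for line in colons_output.splitlines():
        f = line.split(":")
        if f[0] == "pub":
            current = f[4]
            signers[current] = set()
        # Field 2 is "!" only when gpg verified the signature; skip self-signatures.
        elif (f[0] == "sig" and current and len(f) > 10 and f[1] == "!"
              and f[10][:2] in CERT_CLASSES and f[4] != current):
            signers[current].add(f[4])
    return signers

def missing_endorsers(colons_output, old_key, candidates):
    """For each candidate replacement, list original signers that have not signed it."""
    signers = good_signers(colons_output)
    # A candidate's own signature on the old key proves nothing: anyone can make one.
    original = signers[old_key] - set(candidates)
    return {c: sorted(original - signers.get(c, set())) for c in candidates}

if __name__ == "__main__":
    for key, missing in missing_endorsers(SAMPLE, OLD, [GENUINE, IMPOSTOR]).items():
        print(key, "signed by all original signers" if not missing else f"missing {missing}")
```

An empty list for a candidate is also what comes back when nobody signed the old key, which is the case the reply treats as much less of a problem.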