Revocation Certificates

Faramir at
Sun Oct 5 01:25:17 CEST 2008

Hash: SHA256

Lawrence, if your nerves are so shaken, maybe you should stop reading
this message right now, and delete this message, or maybe keep it to
read it once you are better. I will put some blank lines as "spoiler",
just in case. And please note, this message is legal, and can't result
in any harm to your reputation, or anything like that...

Begin of "spoiler blank lines"

End of "spoiler blank lines"

>>              (1)  For example, the userID's "e-mail address"
>>                   is no longer active or valid; or the "comment"
>>                   indicating you are "CIA Deputy Director" is
>>                   no longer valid since you're now the President's
>>                   "National Security Advisor"; or the "name" only

   Come on, she was giving an example about comments in a key, and they
were about having a legal job... Is it so serious to think a member of
CIA could become an advisor of the president of USA?
   Also, please note that if the message was encrypted, it was not
possible for authorities to know these words were on the message... now
it was posted in a public list, they can know it. But again, these are
perfectly legal jobs, and to talk about them, or to mention them, is
perfectly legal too.

>>     GPG is capable of doing.  As a GUI, it currently doesn't permit
>>     you to create a key and then _later_ create a revocation
>>     certificate for it.  To do the latter, you currently have to use
>>     the terminal mode (command line) procedure.

  I disagree, the current version allows you to create it, by accessing
the Key Manager, right click on the key, the contextual menu has the
option to do it.

>>>> ...Now, where can I find this revocation certificate? I don't 
>>>> even know the file name!!!
>>> Good question... I think it should be in the same folder where your
>>>  backup key files were exported... and the name should be something

>> Here I'd politely tend to disagree with Faramir -- you are able to

    As a side note, I was just giving him a hint about possible places
to look for the rev cert he already had created... I was not suggesting
him to store it in that place.

>>              above.  But because I don't have them, unlike Faramir I
>>              can't easily accidentally import or upload them.

  Well, my mistake was to double click the rev cert, expecting to see
some output (something like: right rev cert for key ID...), but the GUI
interpreted it as "the user wants me to import the certificate...
done!". But that taught me to be more careful...

> This is another message of Kara's that's causing me nightmare last night
> when I read through it. We shouldn't have words like "...Deputy
> director" or "NS adviser" etc in an encrypted email!

  Why not? The message could not be read by any third party. And even if
it could, it was just a mention to these jobs... Take it easy...

> Please no body send encrypted email anymore! I'll just practice
> encryption with myself by writing to myself.

  As you wish, but I still think you are overreacting a lot about those

  Best Regards
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla -


More information about the Gnupg-users mailing list