revocation signatures

David Shaw dshaw at jabberwocky.com
Tue Jun 15 17:48:11 CEST 2004


On Thu, Jun 10, 2004 at 01:03:03PM +0100, Nicholas Cole wrote:
> Please forgive two questions that I suspect have
> simple answers.
> 
> 1) If a user has signed a key, and then revokes the signature, GPG
> currently prints out both the signature and the revocation signature
> when doing --check-sigs.  The two are not necessarily printed next
> to each other, nor does the original signature have any mark
> alerting the user to the fact that it has been revoked.  While I do
> see the logic in printing both, is there any good reason not just to
> print the revocation certificate, or to put a clear message next to
> the original signature?

Currently, there is no binding between a revocation and a signature.
That is, the revocation could refer to any signature issued by that
key and dated before the revocation.

A future revision of OpenPGP does allow for 'signature targets' but
they aren't that useful in this case.

> 2) When revoking a signature, the user is invited to enter a
> free-form explanation of the revocation.  I have looked through both
> the code (which I don't pretend to follow well) and the
> documentation, and I can't find a way of telling gpg to list these
> explanations when printing signatures (I'm most interested in the
> --with-colons output).

There is no current way to get the revocation text in a key listing.
It is only shown when you try to encrypt to the revoked key.

David
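
Added example, not part of the original message or of GnuPG's code: a sketch of the matching rule described in the reply, under which a revocation is taken to cover any signature by the same key dated before it. It assumes `gpg --with-colons --fixed-list-mode --check-sigs` output (key ID in field 5, creation time in epoch seconds in field 6, check result in field 2), that `sig`/`rev` records follow the record they certify, and it honors only revocations marked `!`; the listing is constructed sample data.

```python
# Constructed sample of `gpg --with-colons --fixed-list-mode --check-sigs` output.
SAMPLE = """\
pub:u:1024:17:1111111111111111:1080000000:::u:::scESC:
uid:u::::1080000000::AAAA::Alice Example <alice@example.org>:
sig:!::17:1111111111111111:1080000000::::Alice Example <alice@example.org>:13x:
sig:!::17:2222222222222222:1085000000::::Bob Example <bob@example.org>:10x:
sig:!::17:3333333333333333:1085500000::::Carol Example <carol@example.org>:10x:
rev:!::17:2222222222222222:1086000000::::Bob Example <bob@example.org>:30x:
rev:-::17:3333333333333333:1086500000::::Carol Example <carol@example.org>:30x:
sig:!::17:2222222222222222:1087000000::::Bob Example <bob@example.org>:10x:
"""


def annotate(listing):
    """Return [(certified_record, issuer_keyid, sig_ts, revoked_at_or_None), ...]."""
    blocks, current = [], None
    for line in listing.splitlines():
        f = line.split(":")
        rec = f[0]
        if rec in ("pub", "uid", "sub"):
            # Assumption: sig/rev records are listed under the record they certify.
            name = f[9] if rec == "uid" else rec
            current = {"name": name, "sig": [], "rev": []}
            blocks.append(current)
        elif rec in ("sig", "rev") and current is not None and len(f) > 5:
            if rec == "rev" and f[1] != "!":
                continue  # skip revocations that did not verify
            current[rec].append((f[4], int(f[5])))
    out = []
    for b in blocks:
        for issuer, ts in b["sig"]:
            # There is no binding: any verified revocation by the same key
            # dated after the signature is taken to cover it.
            later = [r for k, r in b["rev"] if k == issuer and ts < r]
            out.append((b["name"], issuer, ts, min(later) if later else None))
    return out


if __name__ == "__main__":
    for name, issuer, ts, revoked in annotate(SAMPLE):
        mark = "REVOKED at %d" % revoked if revoked else "valid"
        print("%s  sig by %s at %d: %s" % (name, issuer, ts, mark))
```
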


