Allowing import of pubkeys without User ID

Andrew Gallagher andrewg at
Fri Jan 13 12:00:48 CET 2023

On 12 Jan 2023, at 20:11, Werner Koch <wk at> wrote:
> On Thu, 12 Jan 2023 12:24, Andrew Gallagher said:
>> associated personal information to those who do not. Bare revocations
>> may not be sufficent, as these will only be searchable via the primary
>> key fingerprint, whereas keys are often searched for by a subkey
>> fingerprint (e.g. to validate sigs).
> That is not a problem because you need to get the primary key anyway
> before you can use a subkey (because of the subkey binding signature).

True, it’s not a security issue - but it is a usability one. “Key not found” is a temporary error, while “key revoked” is permanent. These are two quite different failure modes, and it would be best to clearly distinguish them.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: Message signed with OpenPGP
URL: <>

More information about the Gnupg-devel mailing list