Allowing import of pubkeys without User ID

Werner Koch wk at gnupg.org
Fri Jan 13 12:50:05 CET 2023


On Fri, 13 Jan 2023 11:00, Andrew Gallagher said:

> True, it’s not a security issue - but it is a usability one. “Key not
> found” is a temporary error, while “key revoked” is permanent. These
> are two quite different failure modes, and it would be best to clearly
> distinguish them.

Sure.  But the point here is on how to retrieve a revocation
certificate.  To do this you first need to have access to the key -
without the key there is no need to retrieving a revocation.  Without a
key you don't know anything about a signature.

In fact you could store a standalone revocation certificate on the
server and allow accessing it by the included issuer fingerprint.  A
dedicated keyserver command to do just this might be useful too.


Shalom-Salam,

   Werner

-- 
The pioneers of a warless world are the youth that
refuse military service.             - A. Einstein
-------------- next part --------------
A non-text attachment was scrubbed...
Name: openpgp-digital-signature.asc
Type: application/pgp-signature
Size: 227 bytes
Desc: not available
URL: <https://lists.gnupg.org/pipermail/gnupg-devel/attachments/20230113/076d139c/attachment.sig>


More information about the Gnupg-devel mailing list