GPG revocations & PGP
Werner Koch
wk@gnupg.org
Thu, 28 Dec 2000 14:19:25 +0100
On Wed, 27 Dec 2000, Florian Weimer wrote:
> With --gen-revoke, you have created a bare revocation self-signature.
> I think PGP requires that the revocation signature is part of an
> OpenPGP public key (see section 11.1 in RFC 2440).
It is a feature :-) and some keyservers are patsched to accept this
bare revocation.
The reason why GnuPG creates a bare revocation signature is for your
convenience. Paper is more reliable than a floppy or the hard disk
- therefore you should either print or write the revocation cert
down, so that you can enter it back (using a normal editor) into a
computer from the printout. Doing this for several k of key stuff
is not a easy task.
IMHO it is easier to take the revocation signature and import it
using GnuPG and then send the entire key to the keyserver.
Werner
--
Archive is at http://lists.gnupg.org - Unsubscribe by sending mail
with a subject of "unsubscribe" to gnupg-users-request@gnupg.org