1.0.1c test release
Tue, 22 Feb 2000 19:23:05 +0000
Content-Type: text/plain; charset=us-ascii
(Replying just to -users, since it seems more appropriate, but feel free
to copy to -devel if you see a need I overlooked.)
On Tue, Feb 22, 2000 at 10:40:56AM +0100, Werner Koch wrote:
> Noteworthy changes in the current test release
> * The user is now asked for the reason of revocation as required
> by the new OpenPGP draft.
I have not yet looked at either the new source, nor the new draft, (shame
on me) but if I read the above correctly, this seems to contradict the
intent behind the following excerpt from The GNU Privacy Handbook.
Generating a revocation certificate
After your keypair is created you should immediately generate a
revocation certificate for the primary public key using the option
--gen-revoke. If you forget your passphrase or if your private
How is the user to know in advance what the "reason for revocation"
will be? The intent behind generating the certificate *immediately*
after generating the keypair is obvious (and, IMO, laudable.) Am I
misreading something here?
Does this new OpenPGP draft expect the user to foresee the future when
generating this immediately-after-keypair-creation revocation certificate?
Or did the draft writers not think of this? (If so, someone please
forward this to the appropriate parties.)
As an aside, if this is in response to the recent changes in laws in
the UK, wouldn't inclusion of a reason (presuming it is "Jack Straw
and his buddies have access to my passphrase") mandate a significant
period of incarceration? Nevertheless, my primary concern is still
regarding prescience of revocation rationale; a protocol matter, not
a talk.politics.crypto matter.
Please advise me if there is a more appropriate channel for discussion
than gnupg-users. Where do I look for a copy of the proposed changes
to the OpenPGP draft? Is this a change to RFC 2440?
Please encrypt all mail whenever possible. The following Public Keys
for Lazarus Long <email@example.com> are available upon request:
Type Bits/KeyID Fingerprint (GnuPG (GPG) is preferred.)
GPG/ELG: 2048g/41783186 47A0 0929 CD9F B53E 49C0 F06C 560E F574 ED0D F80C
GPG/DSA KeyID: ^^^^ ^^^^
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.1 (GNU/Linux)
Comment: Now ready for primetime! http://www.gnupg.org
-----END PGP SIGNATURE-----