1.0.1c test release

Werner Koch wk@gnupg.org
Wed, 23 Feb 2000 10:45:31 +0100


On Tue, 22 Feb 2000, Lazarus Long wrote:


> I have not yet looked at either the new source, nor the new draft, (shame
> on me) but if I read the above correctly, this seems to contradict the

The change is only that the new draft makes the reason for revocation a SHOULD.

> How is the user to know in advance what the "reason for revocation"
> will be? The intent behind generating the certificate *immediately*
> after generating the keypair is obvious (and, IMO, laudable.) Am I
> misreading something here?

This is indeed a problem. The reason why you should create a revocation certificate in advance is for the case you lost access to your secret key. Therefore you may want to use "key is no longer used" and a verbal description why. If your key is compromised, you should still have access to the secret key and you can do a revocation certificate. But, what happens if you lost your laptop with the only copy of the secret key - it is compromised and you are not able to revoke the key. There are 3 solutions:

 * Create 2 revocation certificates, one for a compromised key and one for the case you lost access to the key.
 * Create only a compromised key revocation in advance and use this even if you only can't remember the passphrase.
 * I add an option to not generate a revocation certificate. This should still be allowed even if OpenPGP says SHOULD (it is not a MUST)

> As an aside, if this is in response to the recent changes in laws in
> the UK, wouldn't inclusion of a reason (presuming it is "Jack Straw

No, it has been in OpenPGP since we have the RFC.

> Please advise me if there is a more appropriate channel for discussion
> than gnupg-users. Where do I look for a copy of the proposed changes
> to the OpenPGP draft? Is this a change to RFC 2440?

It is just that the optional reason for revocations is now a SHOULD. It is okay to discuss this here.

Werner
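
Added example, not part of the message above and not GnuPG code: how the "reason for revocation" discussed in this thread is carried in a revocation signature, as a signature subpacket of type 29 holding a one-octet code followed by a free-text comment. The function names and the sample bytes are constructed for illustration; the code table and the length encoding follow RFC 2440.

```python
import struct

REASON_FOR_REVOCATION = 29  # signature subpacket type
REASONS = {  # revocation codes defined by RFC 2440
    0x00: "No reason specified",
    0x01: "Key is superseded",
    0x02: "Key material has been compromised",
    0x03: "Key is no longer used",
    0x20: "User ID information is no longer valid",
}

def iter_subpackets(area):
    """Yield (type, critical, body) for each subpacket in a subpacket area."""
    pos = 0
    while pos < len(area):
        first = area[pos]
        if first < 192:                      # one-octet length
            length, pos = first, pos + 1
        elif first < 255:                    # two-octet length
            if pos + 2 > len(area):
                raise ValueError("truncated subpacket length")
            length, pos = ((first - 192) << 8) + area[pos + 1] + 192, pos + 2
        else:                                # 255: four-octet length follows
            if pos + 5 > len(area):
                raise ValueError("truncated subpacket length")
            length, pos = struct.unpack(">I", area[pos + 1:pos + 5])[0], pos + 5
        if length < 1 or pos + length > len(area):
            raise ValueError("subpacket overruns the area")
        yield area[pos] & 0x7F, bool(area[pos] & 0x80), area[pos + 1:pos + length]
        pos += length

def revocation_reason(area):
    """Return (code, meaning, comment) or None if no reason is present."""
    for sp_type, _critical, body in iter_subpackets(area):
        if sp_type == REASON_FOR_REVOCATION:
            if not body:
                raise ValueError("reason subpacket has no code octet")
            text = body[1:].decode("utf-8", errors="replace")
            return body[0], REASONS.get(body[0], "unknown code"), text
    return None

def sample_area(code, comment):
    """Constructed input: creation-time subpacket (type 2) plus a reason."""
    reason = bytes([code]) + comment.encode("utf-8")
    created = bytes([5, 2]) + struct.pack(">I", 951299131)
    return created + bytes([len(reason) + 1, REASON_FOR_REVOCATION]) + reason

if __name__ == "__main__":
    for code, why in ((0x02, "laptop stolen"), (0x03, "lost access to secret key")):
        print(revocation_reason(sample_area(code, why)))
```

The two sample areas correspond to the first solution in the message: one pre-generated certificate marked as compromised and one marked as no longer used.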