1.0.1c test release
Wed, 23 Feb 2000 10:45:31 +0100
On Tue, 22 Feb 2000, Lazarus Long wrote:
> I have not yet looked at either the new source, nor the new draft, (shame
> on me) but if I read the above correctly, this seems to contradict the
The change is only that the new draft makes the reason for revocation
> How is the user to know in advance what the "reason for revocation"
> will be? The intent behind generating the certificate *immediately*
> after generating the keypair is obvious (and, IMO, laudable.) Am I
> misreading something here?
This is indeed a problem. The reason why you should create a
revocation certificate in advance, is for the case you lost access to
your secret key. Therefore you may wont to use "key is no longer used"
and a verbal description why. If your key is compromised, you should
still have access to the secret key and you can do a revocation
certificate. But, what happens if you lost your laptop with the only
copy of the secret key - it is compromised and you are not able to
revoke the key.
There are 3 solutions:
* Create 2 revocation certificates, one for a compromised key and
one for the cae you lost access to the key.
* Create only a compromised key revocation in advance and use this
even if you only can't remember the passphrase.
* I add an option to not generate a revocation certificate. This
should still be allowed even if OpenPGP says SHOULD (it is not a
> As an aside, if this is in response to the recent changes in laws in
> the UK, wouldn't inclusion of a reason (presuming it is "Jack Straw
No, It has been been in OpenPGP since we have the RFC.
> Please advise me if there is a more appropriate channel for discussion
> than gnupg-users. Where do I look for a copy of the proposed changes
> to the OpenPGP draft? Is this a change to RFC 2440?
It is just that the optional reason for revocations is now a SHOULD.
It is okay to discuss this here.