using a revocation certificate

Michael H. Warfield mhw@wittsend.com
Thu Feb 8 15:11:06 2001


On Thu, Feb 08, 2001 at 02:54:29PM +0100, Michael Rauch wrote:

> Hi,

> On Thu, Feb 08, 2001 at 01:58:41PM +0100, Juergen Stohr wrote:
> > Hi,

> > I have the following problem:
> > I would like to revoke my public key, that was sent to a keyserver. I
> > tried to mail the certificate (generated with "gpg --output revoke.asc
> > --gen-revoke stohr") to the keyserver (subject ADD). But this server
> > answered with the following message:

> You have to apply revoke.asc first to your keyring
> $ gpg --import revoke.asc
> and then send the modified key to the keyserver.
> $ gpg --send-key 0x{your-key-id}

> > Key block in add request contained no new
> > keys, userid's, or signatures.
> > Your key block contained 1 format errors,
> > which were treated as if the erroneous elements
> > hadn't been part of your submission.
> > The errors were outside of any PGP public key;
> > maybe you didn't send a public key block at all.
> > Anyway, the last error encountered was:
> > Key block corrupt: signature without key

> > Now my question is:
> > How do I get this key (0AF6E9EE) out of the keyservers?

> Well, you can't really get it out of the keyserver. (This would need
> manual intervention to the database, and you could never be sure that
> another person is not adding it again.) But to get a revoked version to the
> keyservers, use the procedure as described above.

Even that probably would never work. Bruce Schneier was saying that
someone had uploaded a fake "Bruce Schneier" key to the keyserver years
ago (this was about 2 years ago that he was telling me about this) and he
tried for ages to get it removed. As fast as it would be removed, the
other keyservers would resynchronize and add the key back. Unlike
Pokemon, he couldn't catch'm all. Since he didn't have the private key,
he couldn't revoke it either. :-( Catch-22... How do you get rid of
something like that in a way that doesn't open up a door for other people
to create denial of service attacks (blacklisting)? No answer...

> Regards,

> Michael
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users@gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users
-- 
 Michael H. Warfield    |  (770) 985-6132   |  mhw@WittsEnd.com
  (The Mad Wizard)      |  (678) 463-0932   |  http://www.wittsend.com/mhw/
  NIC whois:  MHW9      |  An optimist believes we live in the best of all
 PGP Key: 0xDF1DD471    |  possible worlds.  A pessimist is sure of it!
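
An added example, not part of the original thread: the output of "gpg --gen-revoke" is a lone OpenPGP signature packet (type 0x20) with no public key packet in front of it, which is why mailing it by itself drew "signature without key", while the key exported after "gpg --import revoke.asc" carries the key packet followed by the revocation. The sketch parses RFC 4880 packet framing; check_keyblock is a hypothetical stand-in for the keyserver's validation, and the sample bytes are constructed stubs, not real key material.

```python
PUBKEY, SIGNATURE, USERID = 6, 2, 13     # RFC 4880 packet tags
KEY_REVOCATION = 0x20                    # RFC 4880 signature type

def parse_packets(data):
    """Split binary (de-armored) OpenPGP data into (tag, body) pairs."""
    packets, i = [], 0
    while i < len(data):
        hdr = data[i]
        i += 1
        if not hdr & 0x80:
            raise ValueError("not an OpenPGP packet header")
        if hdr & 0x40:                   # new-format header
            tag, first = hdr & 0x3F, data[i]
            i += 1
            if first < 192:
                length = first
            elif first < 224:
                length = ((first - 192) << 8) + data[i] + 192
                i += 1
            elif first == 255:
                length = int.from_bytes(data[i:i + 4], "big")
                i += 4
            else:
                raise ValueError("partial body lengths not handled")
        else:                            # old-format header
            tag, ltype = (hdr >> 2) & 0x0F, hdr & 0x03
            n = (1, 2, 4, 0)[ltype]      # length octets; 0 = runs to end
            length = int.from_bytes(data[i:i + n], "big") if n else len(data) - i
            i += n
        if i + length > len(data):
            raise ValueError("truncated packet")
        packets.append((tag, data[i:i + length]))
        i += length
    return packets

def check_keyblock(data):
    """Hypothetical keyserver-style check, not any real server's code."""
    packets = parse_packets(data)
    if not packets or packets[0][0] != PUBKEY:
        orphan = bool(packets) and packets[0][0] == SIGNATURE
        return "signature without key" if orphan else "no public key"
    # v4 signature bodies carry the type in octet 1, v3 bodies in octet 2
    types = [b[1] if b[0] == 4 else b[2] for t, b in packets[1:] if t == SIGNATURE]
    return "revoked key" if KEY_REVOCATION in types else "key"

# Constructed stub packets (framing only, no real key or signature material)
KEY = bytes([0x99, 0, 6, 4, 0, 0, 0, 0, 17])               # tag 6, old format
REVOCATION = bytes([0x88, 10, 4, 0x20, 17, 2]) + bytes(6)  # tag 2, type 0x20
UID = bytes([0xCD, 5]) + b"stohr"                          # tag 13, new format
```

check_keyblock(REVOCATION) reports the orphaned signature; check_keyblock(KEY + REVOCATION + UID) reports a revoked key, the shape of what "gpg --send-key" uploads after the import.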