Trust, UIDs, signing & revoking
Mark Brown
broonie@sirena.org.uk
Wed Nov 21 01:33:02 2001
--rS8CxjVDS/+yyDmU
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
On Tue, Nov 20, 2001 at 05:49:28PM -0500, David Shaw wrote:
> Sure, but GnuPG does know how to do revoked UIDs. Does PGP? I don't
> have a copy handy to check.
PGP 7 doesn't entirely understand them. It doesn't appear consider self
signatures to be any different to any other signature. This means that
if you trust someone who has signed a revoked UID to sign that UID the
UID will still be considered valid even if there is a revocation
certificate for the self-signature. To get the ID fully revoked in PGP
you need to get everyone who signed the ID to revoke their signature.
--=20
"You grabbed my hand and we fell into it, like a daydream - or a fever."
--rS8CxjVDS/+yyDmU
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE7+vW1J2Vo11xhU60RAoybAKDp3Ujx9MW4NCzqeGS/sL9RIeCF+QCfZag/
ObUCv8QyFrUsXP69brlx33A=
=sR2B
-----END PGP SIGNATURE-----
--rS8CxjVDS/+yyDmU--