Trust, UIDs, signing & revoking
Wed Nov 21 01:33:02 2001
Content-Type: text/plain; charset=us-ascii
On Tue, Nov 20, 2001 at 05:49:28PM -0500, David Shaw wrote:
> Sure, but GnuPG does know how to do revoked UIDs. Does PGP? I don't
> have a copy handy to check.
PGP 7 doesn't entirely understand them. It doesn't appear consider self
signatures to be any different to any other signature. This means that
if you trust someone who has signed a revoked UID to sign that UID the
UID will still be considered valid even if there is a revocation
certificate for the self-signature. To get the ID fully revoked in PGP
you need to get everyone who signed the ID to revoke their signature.
"You grabbed my hand and we fell into it, like a daydream - or a fever."
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org
-----END PGP SIGNATURE-----