Trust, UIDs, signing & revoking

Mark Brown
Wed Nov 21 01:33:02 2001

On Tue, Nov 20, 2001 at 05:49:28PM -0500, David Shaw wrote:

> Sure, but GnuPG does know how to do revoked UIDs.  Does PGP?  I don't
> have a copy handy to check.

PGP 7 doesn't entirely understand them.  It doesn't appear to consider self
signatures to be any different to any other signature.  This means that
if you trust someone who has signed a revoked UID to sign that UID, the
UID will still be considered valid even if there is a revocation
certificate for the self-signature.  To get the ID fully revoked in PGP
you need to get everyone who signed the ID to revoke their signature.

"You grabbed my hand and we fell into it, like a daydream - or a fever."

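The difference described in the message above, as a simplified model added here; it is not code from the post, from GnuPG or from PGP. The key IDs, class names and both validity rules are assumptions reduced to what the message states, and real trust calculations (marginal trust, expiry, signature ordering) are left out.

```python
from dataclasses import dataclass, field

@dataclass
class Sig:
    issuer: str            # key ID of the signer (constructed values below)
    revoked: bool = False  # True once a revocation for this signature exists

@dataclass
class UID:
    owner: str             # key ID of the key this UID belongs to
    name: str
    sigs: list = field(default_factory=list)

def live_trusted(uid, trusted):
    """Trusted signers whose signature on this UID has not been revoked."""
    return sorted({s.issuer for s in uid.sigs
                   if not s.revoked and s.issuer in trusted})

def valid_ignoring_self_sig(uid, trusted):
    """Behaviour the message reports for PGP 7: the self-signature is
    treated like any other signature, so its revocation changes nothing
    while a trusted third-party signature remains."""
    return bool(live_trusted(uid, trusted))

def valid_honouring_self_sig(uid, trusted):
    """Revocation-aware rule: a revoked (or missing) self-signature
    invalidates the UID regardless of who else signed it."""
    self_sigs = [s for s in uid.sigs if s.issuer == uid.owner]
    if not self_sigs or any(s.revoked for s in self_sigs):
        return False
    return bool(live_trusted(uid, trusted))

# Constructed sample: the owner has revoked the self-signature on an old
# UID, but two other people signed it earlier and never revoked.
old_uid = UID(owner="OWNER", name="Old Address <old@example.org>", sigs=[
    Sig("OWNER", revoked=True),
    Sig("ALICE"),
    Sig("BOB"),
])
trusted_introducers = {"ALICE"}   # whom the verifying user trusts to sign

if __name__ == "__main__":
    print("ignoring self-sig :", valid_ignoring_self_sig(old_uid, trusted_introducers))
    print("honouring self-sig:", valid_honouring_self_sig(old_uid, trusted_introducers))
    # Signers who must also revoke before the first rule gives up the UID.
    print("still propping it up:", live_trusted(old_uid, trusted_introducers))
```

Which signers appear in the last list depends on whom the verifying user trusts, which is why the message says everyone who signed the ID has to revoke.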