Why are revocations hidden?
Åsmund Skjæveland
aasmunds@student.matnat.uio.no
Sun Sep 16 19:14:01 2001
SUMMARY:
The following message asks why revoked userids are not shown as such when a
keyfile is parsed by gnupg, and tries to point out dangers.
Basically, is this a bug, sorry, undocumented feature?
---
Why are not userid revocations displayed when gpg processes a key?
A revocation should, in my opinion, be obvious when I glance at a key.
For example:
aasmunds$bz <~> gpg --edit-key aasmunds
gpg (GnuPG) 1.0.6; Copyright (C) 2001 Free Software Foundation, Inc.
This program comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it
under certain conditions. See the file COPYING for details.
gpg: Warning: using insecure memory!
Secret key is available.
pub 1024D/54B975CE created: 2000-02-29 expires: never trust: f/u
sub 1024g/5132B6E4 created: 2000-02-29 expires: never
(1) Åsmund Skjæveland <aasmunds@copyleft.no>
(2). Åsmund Skjæveland <aasmunds@student.matnat.uio.no>
(3) Åsmund Skjæveland <aasmunds@e.fix.no>
(4) [revoked] Åsmund Skjæveland <aasmunds@bzzzt.fix.no>
(5) [revoked] Åsmund Skjæveland <a@b.cl>
(6) Åsmund Skjæveland <as@cl.no>
And:
aasmunds$bz <~> gpg --list-keys aasmunds
gpg: Warning: using insecure memory!
pub 1024D/54B975CE 2000-02-29 Åsmund Skjæveland <aasmunds@student.matnat.uio.no>
uid Åsmund Skjæveland <aasmunds@copyleft.no>
uid Åsmund Skjæveland <aasmunds@e.fix.no>
uid [revoked] Åsmund Skjæveland <aasmunds@bzzzt.fix.no>
uid [revoked] Åsmund Skjæveland <a@b.cl>
uid Åsmund Skjæveland <as@cl.no>
sub 1024g/5132B6E4 2000-02-29
Whereas:
aasmunds$bz <~> gpg --export aasmunds | gpg
gpg: Warning: using insecure memory!
gpg: Warning: using insecure memory!
pub 1024D/54B975CE 2000-02-29 Åsmund Skjæveland <aasmunds@copyleft.no>
uid Åsmund Skjæveland <aasmunds@student.matnat.uio.no>
uid Åsmund Skjæveland <aasmunds@e.fix.no>
uid Åsmund Skjæveland <aasmunds@bzzzt.fix.no>
uid Åsmund Skjæveland <a@b.cl>
uid Åsmund Skjæveland <as@cl.no>
sub 1024g/5132B6E4 2000-02-29
aasmunds$bz <~>
But:
aasmunds$bz <~> gpg --export grødem | gpg
gpg: Warning: using insecure memory!
gpg: Warning: using insecure memory!
pub 1024D/7C56C5EF 2000-02-27 [revoked]
uid Johannes Grødem <johs@copyleft.no>
uid Johannes Grødem <jg@cl.no>
sub 1024g/12755433 2000-02-27
Why are not userids checked for revocations when a key is passed through
gnupg? It is a potential danger in that people would use the (perhaps
nonfunctional, compromised or transferred to another person) e-mail
addresses listed in a revoked userid. And because the uid revocations are not
displayed when the key is parsed by gnupg, but key revocations are, the
possibility of this misunderstanding occurring is fairly large.
--
Åsmund Skjæveland (aasmunds@student.matnat.uio.no) (OpenPGP keyid 54B975CE)