Despite "no-include-revoked" revoked still included

David Shaw
Tue Dec 10 18:52:02 2002

On Tue, Dec 10, 2002 at 03:38:54PM -0000, Dick Gevers wrote:

> DS>no-include-revoked and no-include-disabled only apply to
> DS>--search-keys.  This is for various security reasons, most 
> DS>notably if you are doing automated key fetches (say, to verify
> DS>the validity of a possibly revoked key), you want the key even
> DS>if it is disabled or revoked.
> Thanks very much for your answer. In all honesty, this had'nt been 
> completely clear to me from which states:

Yes, you are right - that is confusing.  I'll fix the manual.

> Maybe such or similar keyserver options could be allowed 
> interactively only, to enable the user to decide when an item on 
> pubring is revoked by the key-owner or expired earlier than shown 
> on pubring that the user is offered the default option to update 
> the pubring, but if such data are not (anymore) on the pubring that 
> they are no longer imported?

This involves keeping the actual data around and just hiding it from
the user which GnuPG already does (in some places anyway).  That's why
a revoked user ID doesn't show up in --list-keys.  The same idea could
be used to hide revoked subkeys, etc.

   David Shaw  |  |  WWW
   "There are two major products that come out of Berkeley: LSD and UNIX.
      We don't believe this to be a coincidence." - Jeremy S. Anderson