Despite "no-include-revoked" revoked still included

Dick Gevers Dick Gevers <dvgevers@xs4all.nl>
Tue Dec 10 22:31:02 2002


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi David and others,

On Tuesday, 10 December 2002 at 15:17 h, David Shaw wrote about
"Re: Despite "no-include-revoked" revoked still included":

>I see what you mean, but there are some odd corner cases there -
>for example, lets say that a user had a signing subkey, used it
>for a year and then revoked it and made another.  Should this
>subkey be deleted? If it is you can't verify any of the signatures
>issued during that year.

If it were an interactive-only option, that shouldn't be a problem:
the user should be able to decide to have valid data overwritten
during --refresh-keys by revoked or expired-earlier-than-foreseen
(see my earlier post in this respect). Subsequently the user can
then manually remove such data.

On the other hand I wouldn't have a problem not being able to
verify (old) mail just because the userID isn't around anymore. I
will assume that that mail was already verified upon receipt when
the data was still current. However, if I should run into a problem
I would still be able to update the key with the option commented
out in gpg.conf and get all revoked and expired data back again for
as long as needed.  

>What I was suggesting (and perhaps did not explain well) is a
>feature for GnuPG where it simply never shows you revoked
>subkeys, revoked user IDs, etc. during a --list-keys.  They may be
>there, but you won't see them so the effective result is the same
>as if they were deleted.

I understood it well enough but perhaps I didn't address the point
clearly enough: I don't mind seeing the data (and would in fact
personally prefer them not to be hidden), but my personal aim in
this respect is to obtain a lean and mean pubring devoid of
unneeded data. I will manually delete revoked and expired data and
the option should filter them from reappearing.

In short, my preference would be: show what's there, delete myself
what I don't need and be able to set an option to have it not
appear again.  

I appreciate your reactions.

Best regards,
=Dick Gevers=

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (Win32)
Comment: GPGShell 2.65 - QDGPG for Pegasus Mail 1.0.3.0 beta4

iD8DBQE99lybwC/zk+cxEdMRAoh5AJ9ciHfPqYDV9Bjunp/GczXc9aOWcACg2JLj
AaRDklbuy1x/ID4Mwj+EDyI=
=KQMZ
-----END PGP SIGNATURE-----