Despite "no-include-revoked" revoked still included
Dick Gevers <email@example.com>
Tue Dec 10 22:31:02 2002
Hi David and others,

On Tuesday, 10 December 2002 at 15:17 h, David Shaw wrote about
"Re: Despite "no-include-revoked" revoked still included":

>I see what you mean, but there are some odd corner cases there -
>for example, let's say that a user had a signing subkey, used it
>for a year and then revoked it and made another. Should this
>subkey be deleted? If it is you can't verify any of the signatures
>issued during that year.

If it were an interactive-only option, that shouldn't be a problem:
the user should be able to decide to have valid data overwritten
during --refresh-keys by revoked or expired-earlier-than-foreseen
(see my earlier post in this respect). Subsequently the user can
then manually remove such data.

On the other hand I wouldn't have a problem not being able to
verify (old) mail just because the userID isn't around anymore. I
will assume that that mail was already verified upon receipt when
the data was still current. However, if I should run into a problem
I would still be able to update the key with the option commented
out in gpg.conf and get all revoked and expired data back again for
as long as needed.

>What I was suggesting (and perhaps did not explain well) is a
>feature for GnuPG where it simply never shows you revoked
>subkeys, revoked user IDs, etc. during a --list-keys. They may be
>there, but you won't see them so the effective result is the same
>as if they were deleted.

I understood it well enough but perhaps I didn't address the point
clearly enough: I don't mind seeing the data (and would in fact
personally prefer them not to be hidden), but my personal aim in
this respect is to obtain a lean and mean pubring devoid of
unneeded data. I will manually delete revoked and expired data and
the option should filter them from reappearing.

In short, my preference would be: show what's there, delete myself
what I don't need and be able to set an option to have it not

I appreciate your reactions.