Several questions as feedback on gnupg

Werner Koch
Thu Jan 24 10:14:02 2002

On Wed, 23 Jan 2002 18:16:49 -0800, Nick Andriash said:

> I am having trouble with your logic on this topic. How does issuing a
> Revocation Certificate and uploading that to the KeyServer, differ in
> any way from deleting a UID and uploading to the KeyServer, or better

It is not possible to delete a key once out in the wild.  In 1984 we
had the Ministry of Truth which tried to do similar things.  Such
kinds of operations are nearly infeasable in our global networked
world - well, I hope so.

You should compare a keyserver with the printed white pages:  You can
always walk to library and review old editions.

There is also another reason why it is a bad idea to be able to delete
a public key; others may then not be able to verify your signature and
you have a better chance to deny that you ever wrote this and that.
The Right Thing is to issue a revocation certificate - your signature
can still be verified but a note will be shown that you (the signer)
now (or at whatever time the revocation was done) believe that someone
else may have faked the signature.

Werner Koch        Omnis enim res, quae dando non deficit, dum habetur
g10 Code GmbH      et non datur, nondum habetur, quomodo habenda est.
Privacy Solutions                                        -- Augustinus