adjusting the key verification level after signing it

Adrian 'Dagurashibanipal' von Bidder avbidder@fortytwo.ch
Mon Jul 1 16:15:02 2002


On Mon, 2002-07-01 at 15:49, gpg-users@interlinx.bc.ca wrote:
> On Mon, Jul 01, 2002 at 09:37:11AM -0400, David Shaw wrote:

> When I revoke a signature what happens exactly?  Is my signature still
> present in the key and another "blob" of data added revoking it, or
> does my signature get removed altogether?  I don't really want to
> bloat the keys by adding a "revoking blob" plus yet another signature.
> I want to physically replace my signature with another signature if
> that is at all possible.

A 'revocation certificate' is added to the key (it's actually another
signature, but with a 'this is a revocation' id).

The problem is that keys are distributed through various channels,
mostly not controlled by the key owner. So, if two keys 'meet' at some
place, they are merged. The merger has no way to know if a packet
present in one key and absent in the other was added in one place, or if
it was recently deleted and should thus be omitted. So adding a
revocation certificate is the only way.

(With self signatures I believe a revocation is never issued(*), but the
new self-signature automatically replaces the older one, based on the
timestamp. Isn't this the case with normal signatures, too, and why
not?)

(*) unless the key/uid is to be revoked, of course.

cheers
-- vbi

-- 
secure email with gpg                         http://fortytwo.ch/gpg
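
Added example (not part of the original message, and not GnuPG code): a simplified Python model of the merge behaviour described above, where merging two copies of a key keeps every packet found in either copy. The Packet tuple, the numeric timestamps and levels, and the rule that the newest packet per issuer and user ID decides are assumptions of this model.

```python
from collections import namedtuple

# Simplified stand-in for a signature packet on a user ID (not the OpenPGP wire format).
# kind: "cert" (certification) or "revoke" (certification revocation).
Packet = namedtuple("Packet", "kind issuer uid created level")

def merge(copy_a, copy_b):
    """Merge two copies of the same key: keep every packet seen in either copy."""
    return frozenset(copy_a) | frozenset(copy_b)

def effective_certs(key):
    """Return {(issuer, uid): level} for certifications still in force.

    Model assumption: for each issuer/uid pair the newest packet decides.
    """
    newest = {}
    for p in key:
        slot = (p.issuer, p.uid)
        if slot not in newest or p.created > newest[slot].created:
            newest[slot] = p
    return {slot: p.level for slot, p in newest.items() if p.kind == "cert"}

# Constructed sample data: Bob certified Alice's user ID at level 1.
old_cert = Packet("cert", "bob", "alice@example.org", 100, 1)
keyserver_copy = frozenset({old_cert})

def delete_then_merge():
    """Bob deletes his signature locally; the keyserver copy still has it."""
    local = keyserver_copy - {old_cert}
    return effective_certs(merge(local, keyserver_copy))

def revoke_then_merge():
    """Bob adds a revocation packet instead of deleting."""
    revocation = Packet("revoke", "bob", "alice@example.org", 200, None)
    local = keyserver_copy | {revocation}
    return effective_certs(merge(keyserver_copy, local))

def revoke_resign_then_merge():
    """Bob revokes, then certifies again at level 3."""
    local = keyserver_copy | {
        Packet("revoke", "bob", "alice@example.org", 200, None),
        Packet("cert", "bob", "alice@example.org", 300, 3),
    }
    return effective_certs(merge(local, keyserver_copy))

if __name__ == "__main__":
    print(delete_then_merge())         # the deleted signature comes back
    print(revoke_then_merge())         # the revocation survives the merge
    print(revoke_resign_then_merge())  # the newer certification is in force
```
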
