adjusting the key verification level after signing it

Adrian 'Dagurashibanipal' von Bidder
Mon Jul 1 16:15:02 2002

On Mon, 2002-07-01 at 15:49, wrote:
> On Mon, Jul 01, 2002 at 09:37:11AM -0400, David Shaw wrote:

> When I revoke a signature what happens exactly?  Is my signature still
> present in the key and another "blob" of data added revoking it, or
> does my signature get removed altogether?  I don't really want to
> bloat the keys by adding a "revoking blob" plus yet another signature.
> I want to physically replace my signature with another signature if
> that is at all possible.

A 'revocation certificate' is added to the key (it's actually another
signature, but with a 'this is a revocation' id).

The problem is that keys are distributed through various channels,
mostly not controlled by the key owner. So, if two keys 'meet' at some
place, they are merged. The merger has no way to know if a packet
present in one key and absent in the other was added in one place, or if
it was recently deleted and should thus be omitted. So adding a
revocation certificate is the only way.

(With self signatures I believe a revocation is never issued(*), but the
new self-signature automatically replaces the older one, based on the
timestamp. Isn't this the case with normal signatures, too, and why

(*) unless the key/uid is to be revoked, of course.

-- vbi

secure email with gpg               
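
A simplified model of the merge behaviour described in the message above, added here as an illustration (it is not code from the post or from GnuPG). Packets are plain records and merging is a set union; the key ID, user ID, timestamps and the `level` field are constructed values.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    kind: str     # "sig" = certification, "rev" = revocation of a certification
    issuer: str   # signer's key ID (constructed placeholder)
    uid: str      # user ID the packet is attached to
    created: int  # creation timestamp
    level: int = 0  # check level claimed by a certification (assumed field)

def merge(copy_a, copy_b):
    """Merging two copies of a key keeps every packet seen in either copy.
    A packet absent from one copy may be new elsewhere or deleted here;
    the merger cannot tell, so it keeps it."""
    return frozenset(copy_a) | frozenset(copy_b)

def valid_certifications(packets):
    """Certifications not covered by a later revocation from the same issuer."""
    revs = [p for p in packets if p.kind == "rev"]
    return {s for s in packets if s.kind == "sig" and not any(
        r.issuer == s.issuer and r.uid == s.uid and r.created >= s.created
        for r in revs)}

# Constructed sample data: one signer re-certifies a user ID at a higher level.
UID = "Alice <alice@example.org>"
OLD = Packet("sig", "0xSIGNER", UID, created=100, level=2)
REV = Packet("rev", "0xSIGNER", UID, created=200)
NEW = Packet("sig", "0xSIGNER", UID, created=300, level=3)
KEYSERVER_COPY = {OLD}  # a copy distributed before the change

def delete_then_merge():
    """Signer deletes OLD locally and adds NEW; the copy later meets the keyserver's."""
    return valid_certifications(merge({NEW}, KEYSERVER_COPY))

def revoke_then_merge():
    """Signer keeps OLD, adds REV and NEW; the copy later meets the keyserver's."""
    return valid_certifications(merge({OLD, REV, NEW}, KEYSERVER_COPY))

if __name__ == "__main__":
    print("delete:", sorted(p.level for p in delete_then_merge()))
    print("revoke:", sorted(p.level for p in revoke_then_merge()))
```

In this model the deleted signature comes back after the merge and both levels count as valid, while the revoked one stays on the key but no longer counts.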
