problems w/ revoked signatures and keyservers

David T-G
Wed Jun 19 20:09:01 2002

Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

Christoph --

=2E..and then Christoph Hertel said...
% Hi,


% I had to revoke a self-signature on a UID (i.e. revoke the UID), and
% added a new UID to my key, because I lost my old e-mail account and it
% is probably that it will be reissued to somebody else.

Interesting...  Will that someone else be able to duplicate your keyid,
though?  I'm not sure I understand how it matters; doesn't it take a
keyid as well as any descriptive info to really identify a key?

% Everything went fine. My GnuPG tells me beautifull things about my key
% and I can't imagine living in a better world. However, when I try to


% submit my key to a keyserver, therefore updating it, the keyservers (I
% tried a lot) respond that there were no differences found (no new parts)
% in the submitted key.

This sounds, to my untrained ear, like the problems mentioned on the list
recently.  It seems that the keyservers have to catch up to the new key

% Is this a common problem with keyservers, is this a common problem with
% users? Can somebody give me a hint what to do now? I don't want to
% revoke the whole key, but at the moment, that seems to be the only
% option to revoke the UID.

I don't know if it will work (or, even if it does, if it will really take
care of the UID problem), but before you revoke the whole thing you might
run out and find someone, anyone, to sign your key and then upload that.
You could even whip up a private-use-only key and sign your key with it;
nothing says that every sig on your key *has* to be out there on the
'net.  That should certainly force some changes in the key that would
make the keyserver take notice, I should think...

% Thanks for your thoughts

HTH & HAND & Good luck :-)

% Christoph

David T-G                      * It's easier to fight for one's principles
(play) * than to live up to them. -- fortune cookie
(work)    Shpx gur Pbzzhavpngvbaf Qrprapl Npg!

Content-Type: application/pgp-signature
Content-Disposition: inline

Version: GnuPG v1.0.7 (GNU/Linux)