Revoke old keys
Adrian 'Dagurashibanipal' von Bidder
Thu Jul 24 10:09:01 2003
On Thursday 24 July 2003 07:50, Wolfgang Bornath wrote:
> Yes I know it's 'gpg --delete-secret-key DEADBEEF' and 'gpg --delete-key
> DEADBEEF'. I already did that. My question was about the keys on the
> keyservers, like you can do with a revocation certificate.
You can try to bug the keyserver operators, but I would not advise it.
Probably they won't delete your key anyway, but just ignore your mail,
because even when you manage to delete your old public keys on most or even
all public keyservers, how can you absolutely know that there isn't somebody
who has an old keyring around and just decides to upload your old key again?

The other thing is, of course, workload: once the keyserver operators start
to accept such requests, I bet there's tons of old keys around...

The third thing is authentication: can you prove that you're the original
owner of the old key?

Personally, I would be in favor of key expiration on the keyservers: delete
keys that did not get any new signatures in the last 5 years, delete keys
that have only self signatures after 1 year. But again: this would be on a
per-keyserver basis, so those deleted keys would probably re-appear again a=
random link of the day: http://fortytwo.ch/sienapei/caegooni
Signature policy: http://fortytwo.ch/legal/gpg/email.20020822?version=1.5&md5sum=5dff868d11843276071b25eb7006da3e