Revoke old keys
Thu Jul 24 17:09:02 2003
One could use their latest key to sign their old public key and then revoke
that signature. Doesn't remove the key but somebody looking at the key
might do a double take to see why a similar ID signed and then revoked their
signature. Might lead them to the currently active key -- especially if
encrypting to the old one didn't elicit any response.
From: Adrian 'Dagurashibanipal' von Bidder [mailto:firstname.lastname@example.org]
Sent: Thursday, July 24, 2003 1:11 AM
Subject: Re: Revoke old keys
On Thursday 24 July 2003 07:50, Wolfgang Bornath wrote:
> Yes I know it's 'gpg --delete-secret-key DEADBEEF' and 'gpg --delete-key
> DEADBEEF'. I already did that. My question was about the keys on the
> keyservers, like you can do with a revocation certificate.
You can try to bug the keyserver operators, but I would not advise it.
Probably they won't delete your key anyway, but just ignore your mail,
because even when you manage to delete your old public keys on most or even
all public keyservers, how can you absolutely know that there isn't somebody
who has an old keyring around and just decides to upload your old key again?
The other thing is, of course, workload: once the keyserver operators start
accepting such requests, I bet there's tons of old keys around...
The third thing is authentication: can you prove that you're the original
owner of the old key?
Personally, I would be in favor of key expiration on the keyservers: delete
keys that did not get any new signatures in the last 5 years, delete keys
that have only self signatures after 1 year. But again: this would be on a
per-keyserver basis, so those deleted keys would probably re-appear again
random link of the day: http://fortytwo.ch/sienapei/caegooni
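The expiry policy proposed in the quoted message (drop keys that got no new signatures in the last 5 years, and keys with only self-signatures after 1 year), as an added example that is not part of the original messages or of any keyserver's code. It assumes input in the style of `gpg --with-colons --list-sigs`, measures age from the most recent signature on the key, and runs on a constructed sample; `parse_keys` and `stale_keys` are hypothetical names.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample in the style of `gpg --with-colons --list-sigs`
# (key IDs, names and dates are made up; timestamps are epoch seconds).
SAMPLE = """\
pub:-:1024:17:AAAAAAAAAAAAAAA1:946684800:::-:::scESC:
uid:-::::946684800::::Old Key <old@example.org>:
sig:::17:AAAAAAAAAAAAAAA1:946684800::::Old Key <old@example.org>:13x:
pub:-:1024:17:BBBBBBBBBBBBBBB2:946684800:::-:::scESC:
uid:-::::946684800::::Signed Key <signed@example.org>:
sig:::17:BBBBBBBBBBBBBBB2:946684800::::Signed Key <signed@example.org>:13x:
sig:::17:CCCCCCCCCCCCCCC3:1041379200::::Someone Else <else@example.org>:10x:
pub:-:1024:17:DDDDDDDDDDDDDDD4:820454400:::-:::scESC:
uid:-::::820454400::::Dormant Key <dormant@example.org>:
sig:::17:DDDDDDDDDDDDDDD4:820454400::::Dormant Key <dormant@example.org>:13x:
sig:::17:CCCCCCCCCCCCCCC3:852076800::::Someone Else <else@example.org>:10x:
"""

def parse_keys(listing):
    """Return {key_id: [(signer_id, sig_time), ...]} from colon-format lines."""
    keys, current = {}, None
    for line in listing.splitlines():
        f = line.split(":")
        if f[0] == "pub":            # field 5 of a pub record is the key ID
            current = f[4]
            keys[current] = []
        elif f[0] == "sig" and current and f[5]:
            # field 5 = signer key ID, field 6 = signature creation time
            when = datetime.fromtimestamp(int(f[5]), tz=timezone.utc)
            keys[current].append((f[4], when))
    return keys

def stale_keys(listing, now, self_only=timedelta(days=365),
               signed=timedelta(days=5 * 365)):
    """Key IDs the proposed policy would drop (assumed reading of the rule)."""
    stale = []
    for key_id, sigs in parse_keys(listing).items():
        if not sigs:
            continue                 # no signature data: leave undecided
        latest = max(when for _, when in sigs)
        only_self = all(signer == key_id for signer, _ in sigs)
        # 1 year for self-signed-only keys, 5 years once others have signed
        if now - latest > (self_only if only_self else signed):
            stale.append(key_id)
    return stale

if __name__ == "__main__":
    print(stale_keys(SAMPLE, datetime(2003, 7, 24, tzinfo=timezone.utc)))
```

As the quoted message points out, such a policy applies per keyserver, so a key dropped by one server can be uploaded again from any old keyring.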