Revocation of a user id?
David Shaw
dshaw@jabberwocky.com
Sat Mar 22 00:47:02 2003
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Fri, Mar 21, 2003 at 11:57:05PM +0100, Volker Augustin wrote:
> > > Secondly, what are the implications of this? Does this break my
> > > signature on other peoples keys? And does this mean that other
> > > peoples signatures on that user id can no longer be used by third
> > > people to establish a key chain to my key? (which would implicate
> > > that this user id should simply not be used going forward but
> > > signatures made to it or signatures made by it still remain valid).
> >
> > Trust is chained via user IDs, so if you have multiple user IDs, and a
> > person signed them all, if you revoke one it does not matter from the
> > perspective of that person. If the person only signed one user ID,
> > and you revoke that one, then the chain stops that that point.
>
> So, that means that my signature on other peoples keys automatically
> becomes invalid?
That is correct, with the caveat that not all OpenPGP programs will
necessarily do the same thing here. I seem to recall that PGP doesn't
understand revoked user IDs and so will continue to propagate trust.
I haven't tested this under PGP 8 however, so it may have changed.
David
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2rc1 (GNU/Linux)
Comment: http://www.jabberwocky.com/david/keys.asc
iD8DBQE+e6SV4mZch0nhy8kRAswlAJ9x5mQ9IKMlTGKOy046f1TL+uFvlwCfdp5z
93n0TYHVB1Sex+QqFP2uwQE=
=dtJj
-----END PGP SIGNATURE-----