Photo ID Display Behavior

David Shaw
Sun May 11 19:14:03 2003

On Sat, May 10, 2003 at 09:46:37PM -0500, Richard Laager wrote:
> Using version 1.2.1 of GPG, I discovered the following behavior: If a
> key has multiple photo IDs, all will be displayed when doing a
> "showphoto". This seems appropriate. However, the photo IDs are
> displayed even if the self-signature on the photo ID is revoked. I
> didn't test it, but all the evidence seems to suggest that the photo ID
> would be displayed if the self-signature was absent or expired. I
> believe this is the current intended behavior.

Yes, this is intended behavior.  The reason is that the --edit-key
menu is to see and manipulate what is really on the key.  A
revoked/expired photo ID shows up with a "[revoked]" or "[expired]"
just like a textual user ID would.

> PGP (only tested with 6.5.8ckt) displays all photo IDs in a
> scrolling list, even those that are revoked, etc.

PGP 6 doesn't have any notion of a revoked user ID.  It treats revoked
user IDs as unrevoked.

> I'd like to suggest that the behavior be modified. Just as revoked
> user IDs are hidden when doing a gpg --list-key, I suggest that only
> photo IDs with a valid* self-signature be displayed. The advantage
> to doing so would be that a user could replace his/her photo ID
> every so often, just as a photo on a passport** is replaced every 10
> years or so. By either revoking or letting the self-signatures on
> old photos expire, the user could have a current photo displayed
> with his/her key. The old photos would simply be hidden, without
> having to be deleted.

This is in fact how the --list-keys photo code works now, and if you
do "--show-photos --list-keys", you get the semantics you want.
--list-keys does not display expired or revoked user IDs unless
--verbose is set, and that holds for both textual and photo IDs.
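The two display rules in the reply (--edit-key shows every user ID and photo ID with a "[revoked]" or "[expired]" marker; --list-keys hides revoked and expired ones unless --verbose is set, for textual and photo IDs alike) can be reproduced over the machine-readable output of "gpg --with-colons --list-keys". The script below is an added example, not code from the original message or from GnuPG. The key listing it parses is constructed by hand; the field layout follows the --with-colons format (field 1 record type, field 2 validity, field 8 user-ID hash, field 10 the user ID or, for a "uat" photo-ID record, the attribute summary), and the key IDs and hashes in it are made-up placeholders.

```python
"""Filter a GnuPG --with-colons key listing the way --list-keys does.

Added example (not code from the original message or from GnuPG): it
reproduces the rule that --list-keys hides revoked and expired user IDs
and photo IDs unless --verbose is given, while --edit-key shows all of
them with a "[revoked]" / "[expired]" marker. The sample listing is
constructed by hand; field positions follow the --with-colons format.
"""

# Validity codes (field 2) that --list-keys suppresses without --verbose,
# mapped to the marker --edit-key prints beside such an ID.
HIDDEN_VALIDITY = {"r": "[revoked]", "e": "[expired]"}

# Constructed sample: one key with two textual user IDs (uid) and three
# photo IDs (uat): one current, one revoked, one whose self-signature
# expired. Key IDs and hashes are placeholders, not real values.
SAMPLE_LISTING = """\
tru::1:1052687000:0:3:1:5
pub:u:1024:17:0123456789ABCDEF:2003-05-10:::u:::scESC:
uid:u::::2003-05-10::0123456789ABCDEF0123456789ABCDEF01234567::Example User <user@example.org>:
uid:r::::2003-05-10::89ABCDEF0123456789ABCDEF0123456789ABCDEF::Old Name <old@example.org>:
uat:u::::2003-05-11::ABCDEF0123456789ABCDEF0123456789ABCDEF01::1 4096:
uat:r::::2003-05-10::CDEF0123456789ABCDEF0123456789ABCDEF0123::1 3100:
uat:e::::2002-01-01::EF0123456789ABCDEF0123456789ABCDEF012345::1 2900:
sub:u:1024:16:FEDCBA9876543210:2003-05-10::::::e:
"""


def parse_records(listing):
    """Split each non-empty line of a --with-colons listing into fields."""
    return [line.split(":") for line in listing.splitlines() if line.strip()]


def user_id_records(listing, verbose=False):
    """Return uid/uat records as dicts, dropping revoked/expired ones
    unless verbose is True (the --list-keys rule)."""
    result = []
    for fields in parse_records(listing):
        # Skip non-ID records and lines too short to carry field 10.
        if len(fields) < 10 or fields[0] not in ("uid", "uat"):
            continue
        validity = fields[1]
        marker = HIDDEN_VALIDITY.get(validity, "")
        if marker and not verbose:
            continue
        result.append({
            "type": fields[0],        # "uid" (textual) or "uat" (photo ID)
            "validity": validity,     # e.g. "u", "f", "r", "e"
            "hash": fields[7],        # hash identifying this user ID
            "label": fields[9],       # user ID text, or attribute summary
            "marker": marker,         # "", "[revoked]" or "[expired]"
        })
    return result


def edit_key_view(listing):
    """What --edit-key shows: every user ID and photo ID, with marker."""
    lines = []
    for rec in user_id_records(listing, verbose=True):
        kind = "photo ID" if rec["type"] == "uat" else "user ID"
        lines.append(("%s %s %s" % (kind, rec["label"], rec["marker"])).strip())
    return lines


def current_photo_ids(listing):
    """Hashes of the photo IDs that --show-photos --list-keys would
    display, i.e. those whose self-signature is neither revoked nor
    expired."""
    return [r["hash"] for r in user_id_records(listing) if r["type"] == "uat"]


if __name__ == "__main__":
    for line in edit_key_view(SAMPLE_LISTING):
        print(line)
    print("current photo IDs:", current_photo_ids(SAMPLE_LISTING))
```

The listing only tells you that a photo ID exists and what state its self-signature is in; the image bytes themselves are not in this output (gpg writes them out via --attribute-fd, or hands them to the --photo-viewer). The filtering here is the interesting part: a script that wants "the user's current photo" should select uat records whose validity is not r or e, exactly as --list-keys does by default.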