Should gpg always generate a revocation cert?

Werner Koch wk@gnupg.org
Mon Sep 22 07:33:01 2003


On Sun, 21 Sep 2003 13:26:18 +0100, Neil Williams said:

> Perhaps just a default YES question in the --gen-key sequence? This still 
> leaves a potentially crucial file sitting around until the user does 
> something about it though. Could be a problem when users don't secure the 
> .gnupg/ directory properly.

It is not a good idea to change the default behaviour of GnuPG.
Creating an additional file which then must be deleted will probably
break a couple of applications which don't expect this.  Imagine an
application creating keys on demand through expect(1).

> "It is strongly recommended to print out a revocation certificate in case this 
> key becomes lost or compromised or your filesystem becomes corrupted. Please 
> turn on your printer before answering Y."

We can't do that because there might be no printer on the system or
printing works in an unusual way (I for example simply pipe documents
for printing through ssh printer-host lpr).

-- 
Werner Koch                                      <wk@gnupg.org>
The GnuPG Experts                                http://g10code.com
Free Software Foundation Europe	                 http://fsfeurope.org