OT: Revoking Old Keys... my problem

Bill Turner turner_bill at sbcglobal.net
Sat May 1 03:38:27 CEST 2004


Jerry Windrel wrote:

> At the risk of veering off topic...
> 
> The problem of having a key that you cannot revoke, and the partial
> solution I outlined, reminds me somewhat of the situation in the Book
> of Esther where a king sent out a proclamation signed with his signet
> ring.  The rule in those days was that a proclamation signed with the
> king's signet ring could never be revoked, not even by the king
> himself (similar to the "non-repudiation" property of digital
> signatures).  When the king later regretted that proclamation, the
> only solution was to send out another (non-revokable) proclamation
> that mitigated the effect of the first one.
> 
Hello Jerry,

General consensus seems to be I'm trying to lock the door after the 
horse is stolen.  Well, that I knew already.  My primary objective in 
posting the question was to find out how to avoid this type of situation 
again in the future.

I saw several good ideas and advice.  Since I have only sent this key to 
a couple places so far I am going to do as most folks suggested and make 
a change to show that the 'old' key is no longer accurate.  Alas, I also 
set this one with no expiration date and it seems that is one of the 
major mistakes I made before.  Well, I may end up redoing the whole key 
again because I don't want to go through this 'forever' bad key floating 
about any more.

So far as a 'safe' place to keep the revocation certificate, which I have 
as yet not made and am going to do so as soon as this clears the system, 
would a 'web mail' account (Lycos.com for instance) be considered 
'safe?'  If I had done that before I would not be having this problem 
now.  It would have been safely out of harm's way when my laptop got 
stolen.  As it is, yes, this is 'unpleasant' but after 47 years I have 
had far more unpleasant things happen to me.  And far many more that 
never did.

Seems the 'irrevocable' second proclamation from 'the king' is in order 
here. :)  Good analogy btw.  Book of Esther isn't often quoted.  Perhaps 
it should be.

In case you couldn't tell I'm pretty much a 'babe in the woods' so far 
as gpg is concerned.  I thought it was simply a matter of making a key 
pair, sending it out to the people you wanted to communicate with, and 
going merrily along the way.  I'm finding out that was a very naive 
assumption on my part.

Well, you know what they say about what happens when you 'assume' right? 
   :)

For the moment I will no longer be signing anything with my 'new' key 
until such time as I can make the revocation certificate, get it onto a 
safe site on the web, (as well as printed out and on floppy), and will 
see if I can change the expiration without having to completely redo the 
key from scratch.  I have the 'gpg manual.pdf' on the disk and will be 
spending the rest of the evening going through it.

Thank God for places like this.  This is why I flat out love Linux and 
GNU so much.  You get a *community* that wants to help each other out. 
Just because it's the 'right thing to do' and no other reason.  If only 
the rest of the world would catch on.  Well, there's hope still.

Thanks much to all who replied.  You gave me some good ideas.  And you 
didn't beat me up too badly.  laughing....

Take care,

Bill



