key revocation
David Shaw
dshaw at jabberwocky.com
Thu May 13 13:51:37 CEST 2004
On Thu, May 13, 2004 at 01:45:46AM -0700, Len Sassaman wrote:
> On Thu, 13 May 2004, Atom 'Smasher' wrote:
>
> > according to my reading of rfc 2440, a key revocation is only valid if
> > either:
> > a) it was generated by the PRIMARY key, or
> > b) it was generated by a key DESIGNATED by the PRIMARY key
> >
> > q1 - is that correct?
> >
> > q2 - are there any (broken?) applications that will accept a revocation
> > key generated by a subkey as valid?
>
> PGP versions 5.x through 6.5.7 will accept a revocation generated by *any*
> key as valid.
Most keyservers do the same. Of course, this is a metadata/display
issue only, and an illegal revocation won't be acted upon by GnuPG.
David
More information about the Gnupg-users
mailing list