revoked key - was: Re: key-signing for pseudonyms

Jason Harris jharris at
Tue May 18 17:37:10 CEST 2004

On Mon, May 17, 2004 at 09:40:31AM -0400, Atom 'Smasher' wrote:
> On Mon, 17 May 2004, Jerry Windrel wrote:
> > Have you considered starting over with a brand new key that is not connected
> > to a revoked key?
> =======================
> yes, but doing it this way means that my old and new key remain compatible
> with each other... i can sign something with the new key, and it still
> verifies with my old key: someone can encrypt to my old key, and i can
> decrypt with my new key. this also means that anyone who "trusts" the old
> key should "trust" the new key, since it incorporates the old key.

However, any signatures they issued to your old pubkey+userid(s) don't
transfer when it is converted to a subkey.  While you retain the same
key (material) which can be verified through the key fingerprint, you
seem to be expecting people to verify that old pubkey fingerprint again
and re-sign your new pubkey+userid(s) based on the keybinding signature(s)
issued from your new pubkey.

But, nobody should sign your new pubkey based on its subkeys, since
this doesn't prove ownership of the old key material.  Anyone can
claim those same subkeys as their own by binding them to a pubkey
they control.  While they can't issue valid signatures from your
"adopted" signing-capable [sub]keys, and while you could decrypt any
intercepted traffic for them which was encrypted to your encryption-
capable "adopted" [sub]keys, it may be enough to generate FUD regarding
ownership of your key material.

As well, you'd be confusing the issue if you were to sign your new
pubkey with your old pubkey (which is also your "new" subkey), which
is the normal way to transfer trust from an old key to a new key.

> if someone doesn't know that the old key is revoked, everything still
> works fine. if they notice the revocation, they might also notice the
> revocation comment that directs people to the new key.

Indeed, but moving to an entirely new key that is signed by the old
key is much simpler and less prone to error and misinterpretation.

Jason Harris           |  NIC:  JH329, PGP:  This _is_ PGP-signed, isn't it?
jharris at _|_ web:
          Got photons?   (TM), (C) 2004
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : /pipermail/attachments/20040518/4a68693c/attachment.bin

More information about the Gnupg-users mailing list