Retaining expired sigs

David Shaw dshaw at
Mon Mar 21 05:36:42 CET 2005

On Sun, Mar 20, 2005 at 11:07:50PM -0500, Jason Harris wrote:

> I really don't think it is worth trying to protect against these
> scenarios.  A user can simply remove any non-revocable sigs they
> don't want in their local keyring.

As soon as you posit a user who is going to edit their local keyring,
there is nothing to discuss.  Editing the keyring violates the trust

I don't think there is anything left to discuss.  We've about reached
the stage where I'm saying "10+2!" and you're saying, "Bad example!
It's 6+6!"

> > When importing a non-revoke-sig + revoked sig set, PGP doesn't strip
> > anything, but does ignore the non-revokable sig (it isn't even visible
> > in the GUI).
> Gah!  PGP 8.1 allows non-revocable sigs to be revoked?!

No.  So far as I can tell in a not particularly rigorous 5-minute
test, it ignores the non-revocable sig completely.  It's as if the uid
is unsigned.  This is a safe way to ignore such a signature.  No idea
what PGP 9 does.  I haven't played with it yet.

PGP 7, incidentally, did allow non-revocable sigs to be revoked.  Nice
to see that was fixed.


More information about the Gnupg-users mailing list