updating a key's self-signature

Christoph Anton Mitterer gnupg-users at gnupg.org
Wed Jan 4 19:01:17 CET 2006

David Shaw wrote:

>If an attacker compromises the keyserver or in any way distributes
>your key himself, he can remove the new self-sig, leaving the old one
Isn't it possible to revoke the older selfsig?

Of course, it's still possible for an attacer to compromise the
keyserver and/or distribute the key himself, but that risk exists always
(e.g. when revoking the whole key - which is the same as revoking all
the 0x13 selfsigs....)


More information about the Gnupg-users mailing list