updating a key's self-signature
Christoph Anton Mitterer
gnupg-users at gnupg.org
Wed Jan 4 19:01:17 CET 2006
David Shaw wrote:
>If an attacker compromises the keyserver or in any way distributes
>your key himself, he can remove the new self-sig, leaving the old one
>behind.
>
>
Isn't it possible to revoke the older selfsig?
Of course, it's still possible for an attacer to compromise the
keyserver and/or distribute the key himself, but that risk exists always
(e.g. when revoking the whole key - which is the same as revoking all
the 0x13 selfsigs....)
Chris.
More information about the Gnupg-users
mailing list