updating a key's self-signature

David Shaw dshaw at jabberwocky.com
Thu Jan 5 14:12:08 CET 2006


On Wed, Jan 04, 2006 at 07:01:17PM +0100, Christoph Anton Mitterer wrote:
> David Shaw wrote:
> 
> >If an attacker compromises the keyserver or in any way distributes
> >your key himself, he can remove the new self-sig, leaving the old one
> >behind.
> >  
> >
> Isn't it possible to revoke the older selfsig?

Sure, but you have exactly the same problem as before: an attacker can
simply unrevoke it by removing the revocation packet.

> Of course, it's still possible for an attacker to compromise the
> keyserver and/or distribute the key himself, but that risk exists always
> (e.g. when revoking the whole key - which is the same as revoking all
> the 0x13 selfsigs....)

Revoking the whole key is not the same as revoking all selfsigs.  One
revokes the key.  The other makes the key completely untrusted and
untrustable.  They're not at all the same.

David


