Keyserver doesn't honour signature removal

John W. Moore III jmoore3rd at
Sun Apr 12 18:25:11 CEST 2009

Hash: SHA512

Dominik George wrote:

> that is, I can add anything I want to my key, but never remove it? Not
> even signatures?

This is Correct!  Upload a Key with signatures removed and as soon as
that Keyserver 'refreshes' during the next round of updating from all
other Keyservers it is linked to the removed signatures are restored.
End of story!

> I understand that I cannot remove keys, but I think any changes that
> require my secret key would be ok :( ...

Err....  How?  The only time Your passphrase is required is when You are
a revoking a Signature You, yourself, made.  Your Secret Key isn't, or
shouldn't be, on the Keyservers.  Anybody can Sign Your Key and upload
it to the Keyservers whenever they desire.  Your Public Key is in the
public domain.  This is why some folks maintain a listing of their
clean, desired Key on Big Lumber or the PGP GD.  With Big Lumber only
You may access Your listed Key to make 'changes' and with PGP GD any
uploaded Key requires verification of each UID email address via a
Ping/Pong challenge before it is listed for dissemination.

JOHN 8-)
Timestamp: Sunday 12 Apr 2009, 12:25  --400 (Eastern Daylight Time)
Version: GnuPG v1.4.10-svn4979: (MingW32)
Comment: Public Key at:
Comment: Gossamer Spider Web of Trust:
Comment: Homepage:


More information about the Gnupg-users mailing list