Keyserver doesn't honour signature removal

John Clizbe John at Mozilla-Enigmail.org
Sun Apr 12 22:42:34 CEST 2009


Dominik George wrote:
> due to dome issues, I have pretty many signatures on my key that I don't
> want (or need) anymore. I can remove them locally, but when sending the
> key to the keyserver afterwards, the changes are just ignored.

That is correct, by design keyservers are merge only. It prevents
attacks on the keys stored on keyservers such as removing revocations.

> Is it even possible to remove signatures from a key and distribute this
> change? Or am I doing something wrong?

You can remove any cruft you wish and distribute that key yourself. You
just can't use the keyserver networks to do it. Also anyone who
refreshes that key from a keyserver will pick up all the pieces you
decided needed deleting.

-- 
John P. Clizbe                      Inet:John (a) Mozilla-Enigmail.org
You can't spell fiasco without SCO. hkp://keyserver.gingerbear.net  or
     mailto:pgp-public-keys at gingerbear.net?subject=HELP

Q:"Just how do the residents of Haiku, Hawai'i hold conversations?"
A:"An odd melody / island voices on the winds / surplus of vowels"

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 678 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20090412/1fff08ed/attachment-0001.pgp>


More information about the Gnupg-users mailing list