Updating signature cert-level
Doug Barton
dougb at dougbarton.us
Wed Apr 27 01:50:16 CEST 2011
On 04/26/2011 13:49, David Shaw wrote:
> On Apr 26, 2011, at 4:12 PM, Doug Barton wrote:
>
>> On 04/26/2011 13:06, Aaron Toponce wrote:
>>> I signed a key, which defaulted to cert-level 0 (I will not answer),
>>> which must be the default. When signing the key, GnuPG didn't ask me about
>>> any checking. However, I would like to update the cert-level to 2 (I have
>>> done casual checking), but I'm unaware of how to do this. Do I need to
>>> revoke my signature, and re-sign, seeing as though GnuPG won't let me sign
>>> the key if I've already signed it?
>>
>> I think you can delsig, then sign again. The keyservers would have both, but hopefully client software (like gpg) would be smart enough to use the more recent?
>
> Yes.
>
>> I would imagine that revoking a signature and then signing again would make it worse instead of better?
>
> Not really worse or better in practice. The semantics are slightly different for the two cases, but the end result is the same. In the revocation case, you have sig1+revoke1+sig2, so the end result is to use sig2. In the superseding case, you have sig1+sig2, and the end result is also to use sig2.

Ok, thanks for confirming that I'm not a complete loonie. :)

--
Nothin' ever doesn't change, but nothin' changes much.
-- OK Go
Breadth of IT experience, and depth of knowledge in the DNS.
Yours for the right price. :) http://SupersetSolutions.com/
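
The resolution discussed in this thread (sig1+sig2 and sig1+revoke1+sig2 both ending at sig2), as a simplified model added here; it is not GnuPG code and not part of the original messages. The `Sig` record, the issuer name and the timestamps are constructed for illustration; the signature class values are the RFC 4880 certification and certification-revocation types.

```python
from dataclasses import dataclass
from typing import Iterable, Optional

# RFC 4880 certification signature classes mapped to gpg's cert-level 0..3.
CERT_CLASSES = {0x10: 0, 0x11: 1, 0x12: 2, 0x13: 3}
CERT_REVOCATION = 0x30  # certification revocation signature


@dataclass(frozen=True)
class Sig:
    """Hypothetical, minimal view of one signature packet on a user ID."""
    issuer: str     # who made the signature (constructed label)
    sig_class: int  # 0x10..0x13 or 0x30
    created: int    # creation time, seconds (constructed values)


def effective_cert(sigs: Iterable[Sig], issuer: str) -> Optional[Sig]:
    """Return the certification by `issuer` that a client should use.

    Model: among this issuer's certifications and revocations, the newest
    packet decides. Packet order (e.g. as returned by a keyserver) is ignored.
    Equal timestamps are not handled by this model.
    """
    mine = [s for s in sigs if s.issuer == issuer
            and (s.sig_class in CERT_CLASSES or s.sig_class == CERT_REVOCATION)]
    if not mine:
        return None
    latest = max(mine, key=lambda s: s.created)
    return None if latest.sig_class == CERT_REVOCATION else latest


def cert_level(sigs: Iterable[Sig], issuer: str) -> Optional[int]:
    """Effective cert-level (0..3), or None if no valid certification remains."""
    sig = effective_cert(sigs, issuer)
    return None if sig is None else CERT_CLASSES[sig.sig_class]


# Constructed sample data: level-0 signature, its revocation, level-2 re-sign.
SIG1 = Sig("ISSUER_A", 0x10, 100)
REVOKE1 = Sig("ISSUER_A", CERT_REVOCATION, 200)
SIG2 = Sig("ISSUER_A", 0x12, 300)

SUPERSEDE = [SIG1, SIG2]                 # delsig locally, sign again
REVOKE_RESIGN = [SIG1, REVOKE1, SIG2]    # revoke, then sign again
REVOKED_ONLY = [SIG1, REVOKE1]           # revoke without re-signing

if __name__ == "__main__":
    for name, sigs in [("supersede", SUPERSEDE), ("revoke+resign", REVOKE_RESIGN),
                       ("revoked only", REVOKED_ONLY)]:
        print(name, "->", cert_level(sigs, "ISSUER_A"))
```
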