best practice for pgp mail service, revoking keys

David Shaw dshaw at
Thu Apr 24 05:14:24 CEST 2014

On Apr 23, 2014, at 6:13 PM, tim at wrote:

> Greetings,
> This is a tiny bit philosophical. Perhaps a little off-topic. I think this is probably the best list to ask nevertheless.
> So I've been working on this pgp-based, web-based mail service.
> Here is the problem I hope eventually to be confronted with:
> 1. User registers name "decker at," user auto-magically generates a pgp pub/priv key. The pub key is registered on the pgp key servers.
> 2. User goes away. Account is closed.
> 3. User still has "decker at" registered on the pgp key servers.
> 4. Another person wants to use "decker at". He would generate a brand new pgp key with a later creation date, but still that old one seems like a liability.
> What should I do?
> A few options I can see:
> 1. email addresses are used only once.
> 2. email addresses are used more than once, but with a warning, "there already exists an unrevoked pgp key for this address."
> 3. user gives me a revocation certification when he generates his pgp key, I can revoke accounts which close.
> 4. user generates pgp keys which expire after a year
> 5. ?

I haven't looked extensively at your design, so this isn't a suggestion as to what you should do, but just to mention a possibility you may have missed:

5. User appoints you (or a designated key) as their designated revoker.  This allows your key to issue a revocation on their key.  Pro: no need to store revocation certificates for all of your users, which could leak.  Con: the revocation only works if the person checking has both your key and their key.

It's similar in many ways to 3.
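The designated-revoker arrangement from option 5, worked through as an added example (not code from the thread or from GnuPG itself): a throwaway service key is appointed revoker of a throwaway user key with `addrevoker`, the service issues the revocation with `--desig-revoke`, and two separate checker keyrings show the trade-off described above. It assumes GnuPG 2.x is installed; the user IDs, addresses and the splice step are my own construction.

```shell
#!/bin/sh
# Added example, not code from the thread: a mail-service key is appointed as a
# user's designated revoker, later revokes the user key with --desig-revoke, and
# two checkers show why the revoker's public key must also be at hand.
# Assumes GnuPG 2.x on PATH; every user ID and address here is constructed.
set -eu
# gpg on an isolated keyring ($1); interactive answers arrive on stdin.
g() { h=$1; shift; GNUPGHOME=$h gpg --no-tty --command-fd 0 --status-fd 2 --yes "$@" 2>/dev/null; }
# Unprotected key (no pinentry needed); prints its primary fingerprint.
gen_key() {
  GNUPGHOME=$1 gpg --batch --pinentry-mode loopback --passphrase '' \
    --quick-gen-key "$2" default default never 2>/dev/null
  GNUPGHOME=$1 gpg --with-colons --list-keys "$2" | awk -F: '/^fpr:/{print $10; exit}'
}
# Validity 'r' in the pub record: this keyring treats the key as revoked.
is_revoked() { GNUPGHOME=$1 gpg --with-colons --list-keys "$2" 2>/dev/null | grep -q '^pub:r:'; }
# gpg only honours a designated revocation that sits between the primary key
# packet and the first user ID, so splice the binary certificate ($2) in there.
splice_rev() {  # $1 key file, $2 revocation sig, $3 GNUPGHOME; result on stdout
  n=$(GNUPGHOME=$3 gpg --list-packets "$1" | awk '/^# off=/{if(++c==2){sub("off=","",$2);print $2;exit}}')
  dd if="$1" bs=1 count="$n" 2>/dev/null; cat "$2"; dd if="$1" bs=1 skip="$n" 2>/dev/null
}
cleanup() { for d in service user checkA checkB; do GNUPGHOME=$work/$d gpgconf --kill gpg-agent || true; done; rm -rf "$work"; }
run_demo() {
  work=$(mktemp -d); trap cleanup EXIT
  for d in service user checkA checkB; do mkdir -m 700 "$work/$d"; done
  service_fpr=$(gen_key "$work/service" 'Mail Service <revoker@example.invalid>')
  user_fpr=$(gen_key "$work/user" 'decker <decker@example.invalid>')
  # Step 1 (registration): the user appoints the service key with addrevoker.
  GNUPGHOME=$work/service gpg --export "$service_fpr" > "$work/service.pub"
  GNUPGHOME=$work/user gpg --import "$work/service.pub" 2>/dev/null
  printf 'addrevoker\n%s\ny\nsave\n' "$service_fpr" | g "$work/user" --edit-key "$user_fpr"
  GNUPGHOME=$work/user gpg --export "$user_fpr" > "$work/user.pub"
  # Step 2 (account closed): the service revokes with its own secret key only.
  # Answers fed in: confirm, reason 0, empty description, confirm.
  GNUPGHOME=$work/service gpg --import "$work/user.pub" 2>/dev/null
  printf 'y\n0\n\ny\n' | g "$work/service" --output "$work/rev.asc" --desig-revoke "$user_fpr"
  GNUPGHOME=$work/service gpg --dearmor < "$work/rev.asc" > "$work/rev.bin"
  splice_rev "$work/user.pub" "$work/rev.bin" "$work/service" > "$work/user-revoked.pub"
  # Step 3 (the "con"): checker A lacks the service key, cannot verify the
  # revocation and still sees a live key; checker B holds both keys.
  GNUPGHOME=$work/checkA gpg --import "$work/user-revoked.pub" 2>/dev/null
  GNUPGHOME=$work/checkB gpg --import "$work/service.pub" "$work/user-revoked.pub" 2>/dev/null
  a=live; is_revoked "$work/checkA" "$user_fpr" && a=revoked
  b=live; is_revoked "$work/checkB" "$user_fpr" && b=revoked
  echo "checkA=$a checkB=$b"
}
# Run directly with:  sh designated_revoker_demo.sh run
if [ "${1:-}" = run ]; then run_demo; fi
```

Checker A is the situation David warns about: the certificate is present but unverifiable, so nothing changes until the service's public key is also fetched.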
