Reusing signed user ID or attribute
Johannes Zarl
johannes at zarl.at
Fri Jan 17 20:03:15 CET 2014
On Friday 17 January 2014 13:28:50 Hauke Laging wrote:
> IIRC then GnuPG accepts a later self-signature (overriding the
> revocation). IMHO that makes most sense. As long as the mainkey isn't
> revoked or expired why shouldn't one "change one's mind"?
Wouldn't that have huge implications for the security(*) of the whole system?
If the revocation is a final act, as long as I can make sure that the
revocation certificate reaches my communication partners I can be sure that
nobody can compromise the key and "reenable" it and start impersonating me.
If, however, the revocation is only a temporary act until a newer self-
signature supersedes it, it would be almost impossible to effectively and
permanently revoke a key. One would either (as long as the private key is not
yet compromised) have to destroy the private key, or make sure that all
communication partners somehow prevent the key from receiving further
updates...
Johannes
(*) please excuse the blanket-use of the term
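As an added illustration (not part of the original message or of GnuPG's own code), a small Python model of the two readings of a user ID revocation contrasted above: revocation as a final act versus the newest self-signature deciding. Signature packets are reduced to a kind and a creation time, and the timeline values are constructed.

```python
"""Constructed model of user ID status under two revocation policies.
Not GnuPG's implementation: a signature is reduced to (kind, creation time).
"""
from __future__ import annotations
from dataclasses import dataclass
from enum import Enum


class Kind(Enum):
    SELFSIG = "self-signature"      # certification (0x10-0x13) issued by the key owner
    UID_REVOKE = "uid-revocation"   # certification revocation (0x30)


@dataclass(frozen=True)
class Sig:
    kind: Kind
    created: int   # creation time as a Unix timestamp (constructed values below)


def uid_status(sigs: list[Sig], policy: str, key_revoked: bool = False) -> str:
    """Return 'valid', 'revoked' or 'invalid' for one user ID.

    policy='final':       a revocation stands no matter what is signed later.
    policy='latest-wins': the most recent self-sig or revocation decides
                          (the GnuPG behaviour Hauke describes in the thread).
    key_revoked: a revoked primary key overrides everything, under both policies.
    """
    if key_revoked:
        return "revoked"
    if not any(s.kind is Kind.SELFSIG for s in sigs):
        return "invalid"   # never bound by a self-signature at all
    if policy == "final":
        return "revoked" if any(s.kind is Kind.UID_REVOKE for s in sigs) else "valid"
    if policy == "latest-wins":
        newest = max(sigs, key=lambda s: s.created)
        return "revoked" if newest.kind is Kind.UID_REVOKE else "valid"
    raise ValueError(f"unknown policy {policy!r}")


# Constructed timeline: the owner binds the UID, revokes it, and then whoever
# holds the private key issues a newer self-signature.
HISTORY = [
    Sig(Kind.SELFSIG, 1_389_000_000),
    Sig(Kind.UID_REVOKE, 1_389_100_000),
    Sig(Kind.SELFSIG, 1_389_200_000),
]
```

Under `final` the third signature changes nothing; under `latest-wins` it re-enables the user ID, which is exactly the scenario the message warns about.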