Reusing signed user ID or attribute

Johannes Zarl johannes at
Fri Jan 17 20:03:15 CET 2014

On Friday 17 January 2014 13:28:50 Hauke Laging wrote:
> IIRC then GnuPG accepts a later self-signature (overriding the
> revocation). IMHO that makes most sense. As long as the mainkey isn't
> revoked or expired why shouldn't one "change one's mind"?

Wouldn't that have huge implications for the security(*) of the whole system?

If the revocation is a final act, as long as I can make sure that the 
revocation certificate reaches my communication partners I can be sure that 
nobody can compromise the key and "reenable" it and start impersonating me.

If, however, the revocation is only a temporary act until a newer self-
signature supersedes it, it would be almost impossible to effectively and 
permanently revoke a key. One would either (as long as the private key is not 
yet compromised) have to destroy the private key, or make sure that all 
communication partners somehow prevent the key from receiving further 


(*) please excuse the blanket-use of the term
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 490 bytes
Desc: This is a digitally signed message part.
URL: </pipermail/attachments/20140117/5bf276d8/attachment.sig>

More information about the Gnupg-users mailing list