Reusing signed user ID or attribute

Daniel Kahn Gillmor dkg at
Fri Jan 17 20:33:25 CET 2014

On 01/17/2014 02:03 PM, Johannes Zarl wrote:
> If the revocation is a final act, as long as I can make sure that the 
> revocation certificate reaches my communication partners I can be sure that 
> nobody can compromise the key and "reenable" it and start impersonating me.
> If, however, the revocation is only a temporary act until a newer self-
> signature supersedes it, it would be almost impossible to effectively and 
> permanently revoke a key. One would either (as long as the private key is not 
> yet compromised) have to destroy the private key, or make sure that all 
> communication partners somehow prevent the key from receiving further 
> updates...

I think you're conflating revocation of the primary key with revocation
of a user ID.

Revocation of a primary key is permanent and cannot be overridden.
Revocation of a user ID can be overridden as long as the primary key
(the one making the certification) is not itself revoked.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 1010 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20140117/40110893/attachment.sig>

More information about the Gnupg-users mailing list