Reusing signed user ID or attribute

Daniel Kahn Gillmor dkg at fifthhorseman.net
Fri Jan 17 20:33:25 CET 2014


On 01/17/2014 02:03 PM, Johannes Zarl wrote:
> If the revocation is a final act, as long as I can make sure that the 
> revocation certificate reaches my communication partners I can be sure that 
> nobody can compromise the key and "reenable" it and start impersonating me.
> 
> If, however, the revocation is only a temporary act until a newer self-
> signature supersedes it, it would be almost impossible to effectively and 
> permanently revoke a key. One would either (as long as the private key is not 
> yet compromised) have to destroy the private key, or make sure that all 
> communication partners somehow prevent the key from receiving further 
> updates...


I think you're conflating revocation of the primary key with revocation
of a user ID.

Revocation of a primary key is permanent and cannot be overridden.
Revocation of a user ID can be overridden as long as the primary key
(the one making the certification) is not itself revoked.

	--dkg
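
[Added example, not part of the original message and not GnuPG's code: a simplified Python model of the rule stated in the reply above. The signature type values are from RFC 4880; the names `SelfSig`, `key_revoked`, `uid_status`, the user ID and the timestamps are constructed for illustration, and every signature is assumed to have already been verified as issued by the primary key.]

```python
from dataclasses import dataclass
from typing import Optional

# OpenPGP signature types (RFC 4880, section 5.2.1)
POSITIVE_CERT = 0x13    # self-certification binding a user ID to the primary key
KEY_REVOCATION = 0x20   # revokes the primary key itself
CERT_REVOCATION = 0x30  # revokes an earlier certification of a user ID

@dataclass(frozen=True)
class SelfSig:
    sig_type: int
    created: int                # creation time, seconds since the epoch
    uid: Optional[str] = None   # None for signatures made directly on the key

def key_revoked(sigs):
    """A primary-key revocation is final: one is enough, whatever its timestamp."""
    return any(s.sig_type == KEY_REVOCATION for s in sigs)

def uid_status(sigs, uid):
    """Return 'key-revoked', 'uid-revoked', 'valid' or 'unbound' for one user ID."""
    if key_revoked(sigs):
        return "key-revoked"    # no later self-signature can undo this
    on_uid = [s for s in sigs
              if s.uid == uid and s.sig_type in (POSITIVE_CERT, CERT_REVOCATION)]
    if not on_uid:
        return "unbound"
    # The most recent self-signature on the user ID decides.
    # On a timestamp tie the revocation wins (a choice made for this model).
    latest = max(on_uid, key=lambda s: (s.created, s.sig_type == CERT_REVOCATION))
    return "uid-revoked" if latest.sig_type == CERT_REVOCATION else "valid"

# Constructed sample history: certify, revoke the user ID, certify again.
UID = "Alice Example <alice@example.org>"
HISTORY = [
    SelfSig(POSITIVE_CERT, 1000, UID),
    SelfSig(CERT_REVOCATION, 2000, UID),
    SelfSig(POSITIVE_CERT, 3000, UID),
]
# The same history with a primary-key revocation issued before the last certification.
HISTORY_KEY_REVOKED = HISTORY + [SelfSig(KEY_REVOCATION, 2500)]

if __name__ == "__main__":
    for n in (1, 2, 3):
        print(n, uid_status(HISTORY[:n], UID))
    print("with key revocation:", uid_status(HISTORY_KEY_REVOKED, UID))
```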



More information about the Gnupg-users mailing list