wk at gnupg.org
Fri Jan 24 07:47:15 CET 2014
On Thu, 23 Jan 2014 23:15, ekleog at gmail.com said:
> Oh? I thought the most common reason was test keys, and tutorials which explain
> step-by-step how to make a keypair and push it on a keyserver, without telling
Obviously, I don't have no hard evidence for the claim that forgotten
passpharses are a reason for many unusable keys. However, I have heard
too many times statements like “Please don't encrypt to that key; I -
uhmm - can't remember my passphrase”.
> And keys with an expiration date are someday deleted, while keys, even revoked,
> without are never, are they?
No they are not deleted. They are still useful for signature
verification. Think about gnupg 1.0.0 which has been signed by a long
expired key of mine - verifying it still gives some evidence that the
tarball is genuine. The key merely expired. If I had reasons to assume
that the key is compromised I would issue a revocation. Verification
tools show that.
> BTW, revocation certificates are not produced by default either. So, why not
> advise people to put an expiration date, instead of counselling them
The reason why they are not generated by default is that I am sure that
many people would accidentally publish the revocation. That is not
optimal and thus my current plan is to create a revocation be default
but modify the armored file so that it can only be imported after
editing the file.
> Well, my question is then: Why not restore the key immediately (having stored it
> at the place you would have stored the revocation certificate), and revoke it
The key is of course stored at a bank safe. The sheet/cdrom with the
revocation is in the drawer of my desk.
> the usefulness of revocation certificate, just the advice always popping out to
> generate a revocation certificate in any case, without thinking of whether it
> would be useful.
Okay, that is a different thing. I plan to change that with a notice
saying which file has the edited revocation certificate.
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
More information about the Gnupg-users