2 Q's

Robert J. Hansen rjh at sixdemonbag.org
Wed Aug 17 15:21:32 CEST 2016


> Concerning key servers, unless in very specific cases, I think keys
> should be on big and commonly used keyservers which synchronize among
> themselves. Otherwise new signatures, IDs, and revocations will not
> get propagated when people refresh their keyring.

You're assuming people refresh their keyrings.  Although that's a
recommended practice, it appears to be the opinion of the minority.  My
certificate 0x23806BE5D6B98E10 has been revoked for seven months now,
and yet people continue to use it instead of 0x1DCBDC01B44427C7.  If
they had refreshed their keyrings even once in that time period, they
would no longer be able to encrypt to 0x23806BE5D6B98E10.

Before people ask:

	(a) yes, I did inform people of the certificate change
	(b) six months later I revoked 0x23806BE5D6B98E10,
	(c) so it's now a year post-notice, seven months post-revoke
	(d) and people still keep using the old one.


(P.S.: if I bcc'd you on this, please type "gpg --refresh" now... :) )
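The message above turns on the gap between a stale local keyring and a refreshed one. As an added example that is not part of the original post, the following Python sketch checks intended recipients against a colon-format key listing and reports any that are revoked or expired. The two listings are constructed samples (dates, user ID and key parameters are made up; only the two key IDs come from the message), and the function names are hypothetical; in practice the listing would be the output of `gpg --list-keys --with-colons` taken after `gpg --refresh-keys`.

```python
# Field 2 of a `pub` record in `gpg --with-colons` output is the key validity.
UNUSABLE = {"r": "revoked", "e": "expired"}

def key_status(colon_listing):
    """Map long key ID -> validity code for every primary key (pub record)."""
    status = {}
    for line in colon_listing.splitlines():
        fields = line.split(":")
        if len(fields) > 4 and fields[0] == "pub":
            status[fields[4].upper()] = fields[1]
    return status

def unusable_recipients(colon_listing, recipients):
    """Return {key_id: reason} for recipients that must not be encrypted to."""
    status = key_status(colon_listing)
    problems = {}
    for recipient in recipients:
        key_id = recipient.upper()
        if key_id.startswith("0X"):
            key_id = key_id[2:]
        if key_id not in status:
            problems[key_id] = "not in keyring"
        elif status[key_id] in UNUSABLE:
            problems[key_id] = UNUSABLE[status[key_id]]
    return problems

# Constructed sample: a keyring that was never refreshed still shows the
# old certificate as usable, so nothing stops encryption to it.
STALE = """\
pub:-:4096:1:23806BE5D6B98E10:1262304000:::-:::scESC:
uid:-::::1262304000::::Constructed User <user@example.org>:
pub:-:4096:1:1DCBDC01B44427C7:1438387200:::-:::scESC:
"""

# Constructed sample: the same keyring after a refresh has pulled in the
# revocation; the validity field of the old certificate is now "r".
REFRESHED = STALE.replace("pub:-:4096:1:23806BE5D6B98E10",
                          "pub:r:4096:1:23806BE5D6B98E10")

if __name__ == "__main__":
    for name, listing in (("stale", STALE), ("refreshed", REFRESHED)):
        print(name, unusable_recipients(
            listing, ["0x23806BE5D6B98E10", "0x1DCBDC01B44427C7"]))
```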


