A problem in the web of trust model or a gnupg bug?

Peter Lebbing peter at digitalbrains.com
Fri Feb 19 14:26:12 CET 2016

I can't reproduce this. A revocation correctly invalidates any
certifications *both* before or after the moment of revocation. After
all, the time can be faked.[1]

I tested with no "revocation reason" specified, by the way. But I don't
think GnuPG uses the revocation reason for anything, although I'm not
100% sure.

Could you show some of the output you get, possibly redacted for privacy?

As a very simple explanation, are you overlooking a different
certification on the key that is still valid and trusted?

I used GnuPG 2.1.11.



[1] Other than that, if you revoke a key using the revocation
certificate you made when the key was created, it will show a revocation
date equal to the creation date even though you only uploaded the
certificate years later, for example. Even if only certifications made
after revocation would be invalidated, that situation would still
invalidate all revocations, since they're all later than the key
creation. This is not very relevant to your problem, though, I just
thought it was an interesting observation.

I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>

More information about the Gnupg-users mailing list