signatures from revoked key, trusted?
gabri.philippe at gmail.com
Fri Sep 2 11:13:09 CEST 2016
A friend sends me signed messages wich signature is said correct by
GnuPG: "good signature from...".
I have just noticed I had signed his key with my old key, which is now
revoked in my keyring. So why does GnuPG consider the signature
correct? I would expect that, since I have revoked my old key, all
certifications done with this key should not be trusted anymore.
More information about the Gnupg-users