effect of revuid

Marko Bauhardt marko.bauhardt at mailbox.org
Wed Feb 8 08:29:33 CET 2017


> On 04 Feb 2017, at 03:43, Daniel Kahn Gillmor <dkg at fifthhorseman.net> wrote:
> 
> revuid does not delete a User ID, it revokes a user ID.  On a typical
> OpenPGP certificate, a revoked User ID is still present, but it is
> marked clearly and verifiably as having been revoked.

Ok. Thanks.

> 
> Note that if you just do your revocation locally and don't find a way to
> get it to your correspondents (e.g. by publishing to the keyservers, and
> hoping that they all refresh regularly) then no one will know about it,
> and from their point of view the User ID will not be revoked.

Sure. Got it.

> 
> 
> The primary key and its subkeys are still valid, yes.  If you revoke the
> last User ID, then arguably a cleaned version of your certificate
> (without any User IDs) will not be considered a valid "transferable
> public key" because it will have no User ID associated.
> 

Oki thx.

> 
> even if your certificate as a whole is explicitly revoked, the
> mathematical object that is the secret key still exists, and can still
> perform whatever operations you require of it.  So yes, you should be
> able to decrypt anything encrypted to any secret key you hold,
> regardless of whether the certificates that contain those keys are
> valid, revoked, expired, or whatever.

Nice. This is an important answer.

> 
> make sense?
> 

Yes, totally. Thx for explanation.


---

Marko Bauhardt
marko.bauhardt at mailbox.org

Key ID: 53192101
Fingerprint: DC0F E851 82A3 72E3 7FE1  ACDB 970C FD47 5319 2101
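
The point quoted above, that a revoked User ID stays on the certificate and is only marked as revoked, can be checked on any copy of a keyring. The following is an added example, not part of the original thread: it parses `gpg --list-keys --with-colons` output, where field 2 is the validity (`r` = revoked) and field 10 is the User ID. The sample listing is constructed, and the function names are hypothetical.

```python
import re

# Constructed sample of `gpg --list-keys --with-colons` output
# (key IDs, hashes, timestamps and names are made up for illustration).
SAMPLE = """\
pub:u:4096:1:AAAAAAAAAAAAAAAA:1486000000:::u:::scESC::::::23::0:
fpr:::::::::000000000000000000000000AAAAAAAAAAAAAAAA:
uid:r::::1486000000::1111111111111111111111111111111111111111::Alice Old <old@example.org>::::::::::0:
uid:u::::1486100000::2222222222222222222222222222222222222222::Alice <alice@example.org>::::::::::0:
sub:u:4096:1:BBBBBBBBBBBBBBBB:1486000000::::::e::::::23:
"""

def unescape(field):
    # GnuPG writes ':' and control characters in colon output as \xHH.
    return re.sub(r"\\x([0-9a-fA-F]{2})",
                  lambda m: chr(int(m.group(1), 16)), field)

def summarize(listing):
    """Group uid/sub records under their pub record and split UIDs by status."""
    certs, cur = [], None
    for line in listing.splitlines():
        f = line.split(":")
        if len(f) < 10:          # blank or truncated line
            continue
        if f[0] == "pub":
            cur = {"keyid": f[4], "key_validity": f[1],
                   "uids": [], "subkeys": []}
            certs.append(cur)
        elif cur is not None and f[0] == "uid":
            cur["uids"].append((unescape(f[9]), f[1]))
        elif cur is not None and f[0] == "sub":
            cur["subkeys"].append((f[4], f[1]))
    for c in certs:
        # A revoked UID is still listed; only its validity flag changes.
        c["revoked_uids"] = [u for u, v in c["uids"] if v == "r"]
        c["live_uids"] = [u for u, v in c["uids"] if v not in ("r", "e")]
    return certs

if __name__ == "__main__":
    for c in summarize(SAMPLE):
        print("key", c["keyid"], "validity", c["key_validity"])
        print("  revoked UIDs:", c["revoked_uids"])
        print("  live UIDs:   ", c["live_uids"])
        if not c["live_uids"]:
            print("  no unrevoked User ID left on this copy")
```

Run against a correspondent's copy of the certificate, an empty `revoked_uids` list after a local revocation means the revocation has not reached that copy.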



More information about the Gnupg-users mailing list