Problem with revoking my old key

Sven Radde sven at radde.name
Fri Jan 27 09:24:51 CET 2006


Hello! 

> -----Original Message-----
> If this is what happened, that means that when one has obtained the
> revocation certificate, it is possible to revoke the corresponding key
> in one's own keyserver, without the intervention of the certificate's
> issuer, and I believe that is detailed in GnuPG documentation. This is
> why revocation certificates must be carefully saved and protected in the
> issuer's system, until such time the user him/herself needs to apply the
> certificate.

Exactly.
One should not send out one's revocation certificate to the world, as
anybody can revoke the key with it (and then upload it to the keyservers).
In this actual case it doesn't matter, as the key is to be revoked anyway.

> Wouldn't it be "better" if the actual application of the revocation
> certificate would be conditioned to the use of the key's passphrase,
> thus limiting the revocation certificate's application to the key's
> owner only?

IMHO not. One of the purposes of a revocation-certificate is to give you the
chance to make the key unusable if you have *forgotten* your passphrase.

btw, the GnuPG documentation explicitly details the process how to revoke a
key:
http://www.gnupg.org/(en)/documentation/faqs.html#q4.17

cu, Paeniteo



