On Thu, 23 Jan 2014 23:15, ekl...@gmail.com said:

> Oh? I thought the most common reason was test keys, and tutorials which explain
> step-by-step how to make a keypair and push it on a keyserver, without telling

Obviously, I don't have any hard evidence for the claim that forgotten passphrases are a reason for many unusable keys. However, I have heard too many times statements like “Please don't encrypt to that key; I - uhmm - can't remember my passphrase”.

> And keys with an expiration date are someday deleted, while keys, even revoked,
> without are never, are they?

No they are not deleted. They are still useful for signature verification. Think about gnupg 1.0.0 which has been signed by a long expired key of mine - verifying it still gives some evidence that the tarball is genuine. The key merely expired. If I had reasons to assume that the key is compromised I would issue a revocation. Verification tools show that.

> BTW, revocation certificates are not produced by default either. So, why not
> advise people to put an expiration date, instead of counselling them

The reason why they are not generated by default is that I am sure that many people would accidentally publish the revocation. That is not optimal and thus my current plan is to create a revocation by default but modify the armored file so that it can only be imported after editing the file.

> Well, my question is then: Why not restore the key immediately (having stored it
> at the place you would have stored the revocation certificate), and revoke it
> then?

The key is of course stored at a bank safe. The sheet/cdrom with the revocation is in the drawer of my desk.

> the usefulness of revocation certificate, just the advice always popping out to
> generate a revocation certificate in any case, without thinking of whether it
> would be useful.

Okay, that is a different thing. I plan to change that with a notice saying which file has the edited revocation certificate.

Shalom-Salam,

   Werner

--
Thoughts are free. Exceptions are regulated by a federal law.
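
Added example, not part of the original message and not GnuPG's own code: a sketch of the plan described above, where a revocation certificate is stored in a form that cannot be imported until someone deliberately edits the file. The colon guard, the notice text and the function names are assumptions of this sketch, and the sample certificate is constructed placeholder text.

```python
import re

# OpenPGP armor header line: five dashes, "BEGIN PGP <type>", five dashes.
ARMOR_BEGIN = re.compile(r"^-----BEGIN PGP [A-Z ]+-----\s*$")
GUARD = ":"  # assumed guard; any prefix that breaks the header line would do

NOTICE = (
    "This is a revocation certificate. Publishing it makes the key unusable.\n"
    "To use it, remove the leading '" + GUARD + "' from the BEGIN line below.\n\n"
)

def is_importable(text):
    """True if some line is a valid armor header, i.e. a tool would parse it."""
    return any(ARMOR_BEGIN.match(line) for line in text.splitlines())

def defuse(armored):
    """Prefix each armor header line with GUARD and prepend a notice."""
    if not is_importable(armored):
        raise ValueError("no armor header found; refusing to store this file")
    lines = [GUARD + l if ARMOR_BEGIN.match(l) else l
             for l in armored.splitlines()]
    return NOTICE + "\n".join(lines) + "\n"

def rearm(defused):
    """Undo defuse(): the manual edit the key owner makes before importing."""
    out = []
    for l in defused.splitlines():
        if l.startswith(GUARD) and ARMOR_BEGIN.match(l[len(GUARD):]):
            l = l[len(GUARD):]
        out.append(l)
    # Drop the notice: keep everything from the first armor header onwards.
    start = next(i for i, l in enumerate(out) if ARMOR_BEGIN.match(l))
    return "\n".join(out[start:]) + "\n"

# Constructed sample: the body is placeholder text, not a real certificate.
SAMPLE = (
    "-----BEGIN PGP PUBLIC KEY BLOCK-----\n"
    "Comment: constructed sample, not a real revocation certificate\n"
    "\n"
    "PLACEHOLDERBODY\n"
    "=XXXX\n"
    "-----END PGP PUBLIC KEY BLOCK-----\n"
)

if __name__ == "__main__":
    stored = defuse(SAMPLE)
    print(stored)
    print("importable as stored:", is_importable(stored))
    print("importable after edit:", is_importable(rearm(stored)))
```
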