On Mon, Feb 09, 2009 at 05:17:01PM +0100, Kai Wasserbäch wrote: > I'd expect GnuPG to behave like this. For me the revocation singals that I've > lost control over the secret key and therefore any access should be blocked - > if > possible. But that's just my singular opinion and possibly the wrong way to > see it.
Try to revoke a key with gnupg, and read the list of reasons for revocation. Here's a simple use case for revocation without compromission: I revoke a 1024b subkey because I've switched to a 4096b subkey. But even if the subkey, or the key, has been compromised: sure enough, it shouldn't be used for signing. But we are talking about *decryption*! Why shouldn't I be allowed to use it to read my own old encrypted data, maybe (here's another quite legitimate use case) in order to reencrypt it using the new key? Ciao, Enrico -- GPG key: 1024D/797EBFAB 2000-12-05 Enrico Zini <enr...@debian.org>
signature.asc
Description: Digital signature