David Shaw wrote: >If an attacker compromises the keyserver or in any way distributes >your key himself, he can remove the new self-sig, leaving the old one >behind. > > Isn't it possible to revoke the older selfsig?
Of course, it's still possible for an attacer to compromise the keyserver and/or distribute the key himself, but that risk exists always (e.g. when revoking the whole key - which is the same as revoking all the 0x13 selfsigs....) Chris. _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
