On 04/26/2011 13:49, David Shaw wrote:
On Apr 26, 2011, at 4:12 PM, Doug Barton wrote:
On 04/26/2011 13:06, Aaron Toponce wrote:
I signed a key, of which defaulted to cert-level 0 (I will not answer),
which must be the default. When signing the key, GunPG didn't ask me about
any checking. However, I would like to update the cert-level to 2 (I have
done casual checking), but I'm unaware of how to do this. Do I need to
revoke my signature, and re-sign, seeing as though GnuPG won't let my sign
the key if I've already signed it?
I think you can delsig, then sign again. The keyservers would have both, but
hopefully client software (like gpg) would be smart enough to use the more
recent?
Yes.
I would imagine that revoking a signature and then signing again would make it
worse instead of better?
Not really worse or better in practice. The semantics are slightly different
for the two cases, but the end result is the same. In the revocation case, you
have sig1+revoke1+sig2, so the end result is to use sig2. In the superseding
case, you have sig1+sig2, and the end result is also to use sig2.
Ok, thanks for confirming that I'm not a complete loonie. :)
--
Nothin' ever doesn't change, but nothin' changes much.
-- OK Go
Breadth of IT experience, and depth of knowledge in the DNS.
Yours for the right price. :) http://SupersetSolutions.com/
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
