On 01/17/2014 02:03 PM, Johannes Zarl wrote:
> If the revocation is a final act, as long as I can make sure that the
> revocation certificate reaches my communication partners I can be sure that
> nobody can compromise the key and "reenable" it and start impersonating me.
>
> If, however, the revocation is only a temporary act until a newer
> self-signature supersedes it, it would be almost impossible to effectively and
> permanently revoke a key. One would either (as long as the private key is not
> yet compromised) have to destroy the private key, or make sure that all
> communication partners somehow prevent the key from receiving further
> updates...

I think you're conflating revocation of the primary key with revocation
of a user ID.

Revocation of a primary key is permanent and cannot be overridden.
Revocation of a user ID can be overridden as long as the primary key
(the one making the certification) is not itself revoked.

--dkg

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
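
A simplified model of the distinction drawn in the reply above, added here as an illustration; it is not part of the original message and not GnuPG's code. The names `Sig`, `key_revoked` and `uid_status` are hypothetical, the signature type values are those of RFC 4880 section 5.2.1, and the model assumes every signature has already been verified as issued by the primary key, ignores expiration, and lets a revocation win a timestamp tie.

```python
from dataclasses import dataclass
from typing import List, Optional

# OpenPGP signature types (RFC 4880, section 5.2.1)
KEY_REVOCATION = 0x20                      # revokes the primary key itself
CERT_REVOCATION = 0x30                     # revokes an earlier user ID certification
CERTIFICATIONS = {0x10, 0x11, 0x12, 0x13}  # user ID certifications


@dataclass(frozen=True)
class Sig:
    """One already-verified self-signature made by the primary key."""
    sig_type: int
    created: int                 # creation time, seconds since the epoch
    uid: Optional[str] = None    # None for a signature directly on the key


def key_revoked(sigs: List[Sig]) -> bool:
    # A key revocation is final: its position in time relative to any
    # other self-signature does not matter.
    return any(s.sig_type == KEY_REVOCATION for s in sigs)


def uid_status(sigs: List[Sig], uid: str) -> str:
    """Return 'key-revoked', 'revoked', 'valid' or 'unbound' for one user ID."""
    if key_revoked(sigs):
        return "key-revoked"
    relevant = [s for s in sigs
                if s.uid == uid
                and (s.sig_type in CERTIFICATIONS or s.sig_type == CERT_REVOCATION)]
    if not relevant:
        return "unbound"
    # The newest self-signature on the user ID decides; on equal timestamps
    # the revocation wins (a choice made by this sketch).
    latest = max(relevant,
                 key=lambda s: (s.created, s.sig_type == CERT_REVOCATION))
    return "revoked" if latest.sig_type == CERT_REVOCATION else "valid"


# Constructed sample history, not taken from a real key.
SAMPLE_UID = "Alice <alice@example.org>"
SAMPLE_HISTORY = [
    Sig(0x13, 1000, SAMPLE_UID),   # initial self-certification
    Sig(0x30, 2000, SAMPLE_UID),   # user ID revoked
]

if __name__ == "__main__":
    print(uid_status(SAMPLE_HISTORY, SAMPLE_UID))
    recertified = SAMPLE_HISTORY + [Sig(0x13, 3000, SAMPLE_UID)]
    print(uid_status(recertified, SAMPLE_UID))
    print(uid_status(recertified + [Sig(KEY_REVOCATION, 2500)], SAMPLE_UID))
```

In this model, anyone who can still sign with the primary key can bring a revoked user ID back, which is why the concern in the quoted text is addressed by revoking the primary key rather than the user ID.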