Ok, so I have to conclude it's implementation specific? I'm using a custom user attribute to store something that can change quite often (privacy lists for a chat user). What do you suggest?
On Fri, Jan 17, 2014 at 1:28 PM, Hauke Laging <mailinglis...@hauke-laging.de> wrote:
> On Fri 17.01.2014, 11:44:55, Daniele Ricci wrote:
>
>> My question is the following: suppose I create a user ID or attribute.
>> I sign it with my key and that's ok.
>> One day I revoke that user ID or attribute and sign it again with a
>> certification revocation.
>>
>> A few years later, I want to restore that user ID or attribute
>> because, e.g. I restored an old e-mail address. Is it enough to sign
>> the revoked user attribute once again with a valid signature (then
>> timestamps will do the rest) or do I have to create a new user ID with
>> the same data?
>
> I am afraid that depends on the implementation. The RfC isn't clear on
> that (if I understand it correctly).
>
> It says about self-signatures (a revocation is not a self-signature in
> this sense, though):
>
> "An implementation that encounters multiple self-signatures on the same
> object may resolve the ambiguity in any way it sees fit, but it is
> RECOMMENDED that priority be given to the most recent self-signature."
>
> About revocations it says:
>
> "0x30: Certification revocation signature
> This signature revokes an earlier User ID certification signature
> (signature class 0x10 through 0x13) or direct-key signature
> (0x1F). It should be issued by the same key that issued the
> revoked signature or an authorized revocation key. The signature
> is computed over the same data as the certificate that it
> revokes, and should have a later creation date than that
> certificate."
>
> IIRC then GnuPG accepts a later self-signature (overriding the
> revocation). IMHO that makes most sense. As long as the mainkey isn't
> revoked or expired why shouldn't one "change one's mind"?
>
> I haven't tried now but IIRC you have to delete the revocation first
> before you can create a new signature.
>
>
> Hauke
> --
> Crypto for everyone: http://www.openpgp-schulungen.de/fuer/unterstuetzer/
> http://userbase.kde.org/Concepts/OpenPGP_Help_Spread
> OpenPGP: 7D82 FB9F D25A 2CE4 5241 6C37 BF4B 8EEF 1A57 1DF5

--
Daniele

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
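
The RFC text quoted in this thread leaves the outcome to the implementation, so the same signature history on a user attribute can be judged valid by one client and revoked by another. The sketch below is an added example, not part of the thread and not GnuPG's code: it models the two possible policies over a constructed history. The `Sig` record, the key IDs and the timestamps are assumptions, and no cryptographic verification or designated-revoker handling is modelled.

```python
from dataclasses import dataclass

CERT_TYPES = {0x10, 0x11, 0x12, 0x13}  # User ID certification classes (RFC 4880)
REVOCATION = 0x30                      # certification revocation signature

@dataclass(frozen=True)
class Sig:
    sig_type: int
    created: int   # creation time, seconds since epoch
    issuer: str    # issuing key ID (constructed placeholder values below)

def own_sigs(sigs, primary):
    """Keep only the modelled signature types issued by the primary key."""
    return [s for s in sigs if s.issuer == primary
            and (s.sig_type in CERT_TYPES or s.sig_type == REVOCATION)]

def valid_latest_wins(sigs, primary):
    """Policy A: the most recent signature by the primary key decides."""
    own = own_sigs(sigs, primary)
    if not own:
        return False
    # On equal creation times the revocation sorts last, so it wins the tie.
    newest = max(own, key=lambda s: (s.created, s.sig_type == REVOCATION))
    return newest.sig_type in CERT_TYPES

def valid_revocation_final(sigs, primary):
    """Policy B: once the primary key has revoked, re-certifying has no effect."""
    own = own_sigs(sigs, primary)
    has_cert = any(s.sig_type in CERT_TYPES for s in own)
    revoked = any(s.sig_type == REVOCATION for s in own)
    return has_cert and not revoked

# Constructed history for one user attribute: certify, revoke, certify again.
PRIMARY = "PRIMARY-KEY-ID"
HISTORY = [
    Sig(0x13, 1_300_000_000, PRIMARY),
    Sig(0x30, 1_350_000_000, PRIMARY),
    Sig(0x13, 1_389_960_000, PRIMARY),
    Sig(0x30, 1_400_000_000, "OTHER-KEY-ID"),  # not from the primary key; ignored
]

if __name__ == "__main__":
    print("latest wins:     ", valid_latest_wins(HISTORY, PRIMARY))
    print("revocation final:", valid_revocation_final(HISTORY, PRIMARY))
```

A client that must interoperate with both policies cannot rely on re-certifying a revoked attribute; a fresh attribute packet is the only form both policies accept.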