I can't reproduce this. A revocation correctly invalidates any certifications *both* before or after the moment of revocation. After all, the time can be faked.[1]
I tested with no "revocation reason" specified, by the way. But I don't think GnuPG uses the revocation reason for anything, although I'm not 100% sure. Could you show some of the output you get, possibly redacted for privacy? As a very simple explanation, are you overlooking a different certification on the key that is still valid and trusted? I used GnuPG 2.1.11. HTH, Peter. [1] Other than that, if you revoke a key using the revocation certificate you made when the key was created, it will show a revocation date equal to the creation date even though you only uploaded the certificate years later, for example. Even if only certifications made after revocation would be invalidated, that situation would still invalidate all revocations, since they're all later than the key creation. This is not very relevant to your problem, though, I just thought it was an interesting observation. -- I use the GNU Privacy Guard (GnuPG) in combination with Enigmail. You can send me encrypted mail if you want some privacy. My key is available at <http://digitalbrains.com/2012/openpgp-key-peter> _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users