On Mon, 29 Jul 2019 09:43, gnupg-users@gnupg.org said:

> it that way", i think. Perhaps Werner can provide more background on
> why GnuPG is generally resistant to holding OpenPGP certificates that
> have no User ID at all in its local keyring.

The user ID is important because the accompanying self-signature
conveys important information about the keyblock. For example
expiration date and preferences. It is true that this can also be
conveyed with direct-key-signatures (a self-signature directly on a key
which was mainly introduced for dedicated revocations). However, this
is a not so well tested feature of gpg and my educated guess is that
many other OpenPGP implementations do not handle direct-key signatures
in a way compatible to pgp or gpg - if at all. Thus by relying on them
we would sail into uncharted waters.

> Doing such a merge would be super helpful, particularly for receiving
> things like subkey updates and revocation information from

I agree that we can add a code path to import a primary key plus
revocation certificate but without user-ids. PGP however, does not
support this and is the reason why we extended the revocation
certificate with a minimal primary key.

Update of subkeys is a different issue and I see no solid use case for
allowing that without user-id (cf. expiration date of the primary key).

Shalom-Salam,

   Werner

-- 
Thoughts are free. Exceptions are regulated by a federal law.
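Added example, not part of the message above and not GnuPG code: a small Python walker over RFC 4880 packet framing that reports whether a keyblock carries a User ID and which signature classes it contains, contrasting an ordinary keyblock with the primary-key-plus-revocation form and the direct-key-signature form discussed in the message. The function names, the sample keyblocks and their dummy packet bodies are constructed for illustration.

```python
# Added illustration, not GnuPG code: RFC 4880 packet framing only, no crypto.
SIG, PUBKEY, USER_ID = 2, 6, 13                      # packet tags
SIG_CLASSES = {0x13: "user-id certification", 0x18: "subkey binding",
               0x1F: "direct-key", 0x20: "key revocation"}

def packets(data):
    """Yield (tag, body) per packet; partial/indeterminate lengths are rejected."""
    i = 0
    while i < len(data):
        hdr = data[i]
        if not hdr & 0x80:
            raise ValueError("not an OpenPGP packet header")
        if hdr & 0x40:                               # new-format header
            tag, first = hdr & 0x3F, data[i + 1]
            if first < 192:
                n, i = first, i + 2
            elif first < 224:
                n, i = ((first - 192) << 8) + data[i + 2] + 192, i + 3
            elif first == 255:
                n, i = int.from_bytes(data[i + 2:i + 6], "big"), i + 6
            else:
                raise ValueError("partial body length not supported")
        else:                                        # old-format header
            tag, ltype = (hdr >> 2) & 0x0F, hdr & 3
            if ltype == 3:
                raise ValueError("indeterminate length not supported")
            width = 1 << ltype                       # 1, 2 or 4 length octets
            n, i = int.from_bytes(data[i + 1:i + 1 + width], "big"), i + 1 + width
        if i + n > len(data):
            raise ValueError("truncated packet")
        yield tag, data[i:i + n]
        i += n

def summarize(keyblock):
    tags, classes = [], []
    for tag, body in packets(keyblock):
        tags.append(tag)
        if tag == SIG and len(body) >= 3:
            # v3 has a length octet before the type; v4 has the type at octet 1
            sigtype = body[2] if body[0] == 3 else body[1]
            classes.append(SIG_CLASSES.get(sigtype, hex(sigtype)))
    return {"has_user_id": USER_ID in tags, "sig_classes": classes}

def pkt(tag, body):      # sample helper: new-format header, one-octet length
    return bytes([0xC0 | tag, len(body)]) + body

# Constructed samples: valid framing, dummy bodies (no real key or signature data).
KEY = pkt(PUBKEY, b"\x04" + b"\x00" * 10)
NORMAL = KEY + pkt(USER_ID, b"Alice <alice@example.org>") + pkt(SIG, b"\x04\x13\x01\x08")
REVOCATION_ONLY = KEY + pkt(SIG, b"\x04\x20\x01\x08")   # primary key + revocation
DIRECT_KEY = KEY + pkt(SIG, b"\x04\x1f\x01\x08")        # metadata via direct-key sig
```

`summarize(REVOCATION_ONLY)` reports no User ID and a single key revocation signature; the walker checks structure only and verifies no signatures.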