> On 27 Dec 2019, at 20:52, Werner Koch <w...@gnupg.org> wrote:
>
> On Thu, 26 Dec 2019 23:04, Dirk-Willem van Gulik said:
>
>> But this does not seem to happen when doing a --quick-add-key
>> subkey. Is this intentional ? Or is there a flag one can set ?
>
> Right. If you want to revoke a subkey we can assume that you still have
> access to the primary key and thus it is possible to create a specific
> revocation. If you don't have access to the primary key anymore, a
> subkey revocation does not make sense because you can't create a new one
> - in that case revoke the entire keyblock using the prefabricated
> revocation.
Thanks - had not though of it in that fashion (in our use case - the governance
is a bit less personal - and we want to be able to revoke a sub-key without
much (additional) interaction -- so pre-generating them & leaving them domestic
makes sense).
Dw
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users