On 24/02/2022 16:59, Robert J. Hansen via Gnupg-users wrote:
Sounds like a defect to me, do you have a problem report ticket with Thunderbird or a forum entry which described the problem in more detail (like which version is affected).It turns out the actual behavior is a little different than I originally described. If you have a valid certificate with a given email address, and a revoked certificate (or certificates) with that same email address, it will silently add the revoked certificates, as well as the valid one, to your email. This is still a bad idea.
I can confirm this happened to me when I specifically ticked "Attach my public key" in TB's composer - it also attached the revocation cert for an ancient key that I still have in my keyring but never used for anything.
-- Andrew Gallagher
OpenPGP_signature
Description: OpenPGP digital signature
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org https://lists.gnupg.org/mailman/listinfo/gnupg-users
