On Apr 26, 2011, at 4:12 PM, Doug Barton wrote: > On 04/26/2011 13:06, Aaron Toponce wrote: >> I signed a key, of which defaulted to cert-level 0 (I will not answer), >> which must be the default. When signing the key, GunPG didn't ask me about >> any checking. However, I would like to update the cert-level to 2 (I have >> done casual checking), but I'm unaware of how to do this. Do I need to >> revoke my signature, and re-sign, seeing as though GnuPG won't let my sign >> the key if I've already signed it? > > I think you can delsig, then sign again. The keyservers would have both, but > hopefully client software (like gpg) would be smart enough to use the more > recent?
Yes. > I would imagine that revoking a signature and then signing again would make > it worse instead of better? Not really worse or better in practice. The semantics are slightly different for the two cases, but the end result is the same. In the revocation case, you have sig1+revoke1+sig2, so the end result is to use sig2. In the superseding case, you have sig1+sig2, and the end result is also to use sig2. David _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
