On 2015-02-09 14:28, Peter Lebbing wrote:
> On 08/02/15 20:06, Hugo Osvaldo Barrera wrote:
> > Does this mean that if someone revokes their key today, *all past*
> > signatures become invalid?
>
> I believe so, yes. You should probably have expired it instead, sorry.
>
> Suppose it is revoked because someone stole the key; then that person could
> fake signatures set in the past; faking the time. If GnuPG accepted them
> because at that time the key wasn't revoked yet, that would create a security
> issue.
>
> And GnuPG, AFAIK, doesn't do anything with the "revocation reason", so it will
> see all revocations the same.
>
> If you haven't uploaded the revocation to a key server, it is possible to have
> it unrevoked; your correspondents would need to delete their copy of your
> public key and only after that import your new unrevoked key. Say so if you
> want me to explain how to surgically alter a key to no longer be revoked. This
> however doesn't help when it's already on a keyserver; they will still keep it
> revoked no matter what you do.
>
> HTH,
>
> Peter.
>
> --
> I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
> You can send me encrypted mail if you want some privacy.
> My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>

Oh, that was informative. It's a shame, but I seem to have asked too late and
this is already on keyservers.

I had not thought that the time could just be forged if it had been stolen.

Out of curiosity: is the revocation reason even saved? Would it be possible for
gpg to actually use it in future?

Thanks

--
Hugo Osvaldo Barrera

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
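
Added example, not part of the thread and not GnuPG code: in the OpenPGP format (RFC 4880, section 5.2.3.23) a revocation signature can carry a "Reason for Revocation" subpacket (type 29), and this Python sketch parses one and contrasts the reason-blind handling described above with a hypothetical reason-aware policy. The sample bytes, the function names and the reason-aware policy are assumptions made for illustration.

```python
import struct

# Constructed sample: hashed subpacket area of a revocation signature holding a
# creation time (type 2) and a reason for revocation (type 29, code 1).
def _sub(sub_type: int, body: bytes) -> bytes:
    return bytes([len(body) + 1, sub_type]) + body   # length counts the type octet

SAMPLE_AREA = (_sub(2, struct.pack(">I", 1423400000))
               + _sub(29, b"\x01" + b"moved to a new key"))

def parse_subpackets(area: bytes) -> dict:
    """Split an OpenPGP signature subpacket area into {type: body}."""
    out, i = {}, 0
    while i < len(area):
        first = area[i]
        if first < 192:                     # one-octet length
            length, i = first, i + 1
        elif first < 255:                   # two-octet length
            length = ((first - 192) << 8) + area[i + 1] + 192
            i += 2
        else:                               # five-octet length
            length = struct.unpack(">I", area[i + 1:i + 5])[0]
            i += 5
        if length == 0 or i + length > len(area):
            raise ValueError("truncated or malformed subpacket")
        out[area[i] & 0x7F] = area[i + 1:i + length]   # mask off the critical bit
        i += length
    return out

def revocation_info(area: bytes):
    """Return (revocation time, reason code, reason text) from a revocation."""
    sp = parse_subpackets(area)
    created = struct.unpack(">I", sp[2])[0]
    return created, sp[29][0], sp[29][1:].decode("utf-8", "replace")

def signature_acceptable(sig_time, revoked_at, code, reason_aware):
    """reason_aware=False: any revocation voids every signature, old or new.
    reason_aware=True (hypothetical policy): only "superseded" (1) and
    "retired" (3) keep signatures dated before the revocation. sig_time is
    whatever the signer claimed, so with "compromised" (2) or no reason (0)
    it cannot be trusted: a thief can backdate it."""
    if not reason_aware or code not in (1, 3):
        return False
    return sig_time < revoked_at
```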