On Mon 2015-02-09 12:54:33 -0500, Hugo Osvaldo Barrera wrote:
> Out of curiosity: is the revocation reason even saved? Would it be possible
> for gpg to actually use it in future?

Yes, the revocation reason *is* stored in the revocation signature, in
the "reason for revocation" subpacket:

  https://tools.ietf.org/html/rfc4880#section-5.2.3.23

My understanding was that gpg actually does use the revocation reason,
but i'm aware that this disagrees with what Peter Lebbing said. i
haven't gone ahead and tested this lately.

For example, here's an old key of mine that was revoked with the reason
"superseded":

0 dkg@alice:~$ gpg --export-options export-minimal --export 0x8974E514A54B6365 | gpg --list-packets | grep revocation\ reason
	hashed subpkt 29 len 205 (revocation reason 0x01 (This key has been superseded by D21739E9\nMy new key's fingerprint is: 0EE5 BE97 9282 D80B 9F75 40F1 CCD2 ED94 D217 39E9\nPlease see http://fifthhorseman.net/key-transition-2007-06-15.txt for more details.))
0 dkg@alice:~$

The *date* of your "key was superseded" revocation is relevant, though.
Any certifications that claim to have happened after the date of the
revocation *should* be considered invalid, whereas revocations that
happen before that date (but after the key creation date) should retain
their validity.

	--dkg

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
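
An added example, not part of the message above and not GnuPG's code: a Python parser for the hashed subpacket area of a revocation signature that pulls out subpacket 29 (reason for revocation) and subpacket 2 (signature creation time) and applies the date rule described in the message. The function names, the sample bytes and the choice to treat every reason code other than superseded (0x01) and retired (0x03) as invalidating all certifications are assumptions of this example.

```python
import struct

SOFT_REASONS = {0x01: "superseded", 0x03: "retired"}  # RFC 4880 5.2.3.23

def parse_subpackets(area: bytes) -> dict:
    """Split a signature subpacket area into {type: body} (RFC 4880 5.2.3.1)."""
    out, i = {}, 0
    try:
        while i < len(area):
            first = area[i]
            if first < 192:        # one-octet length
                length, i = first, i + 1
            elif first < 255:      # two-octet length, needed for long reason texts
                length, i = ((first - 192) << 8) + area[i + 1] + 192, i + 2
            else:                  # 0xFF marker, then a four-octet length
                length, i = struct.unpack(">I", area[i + 1:i + 5])[0], i + 5
            if length < 1 or i + length > len(area):
                raise ValueError("truncated or malformed subpacket")
            out[area[i] & 0x7F] = area[i + 1:i + length]  # drop the critical bit
            i += length
    except (IndexError, struct.error):
        raise ValueError("truncated subpacket length") from None
    return out

def revocation_info(hashed_area: bytes):
    """Return (creation time, reason code, reason text) of a revocation."""
    sp = parse_subpackets(hashed_area)
    if len(sp.get(2, b"")) != 4 or not sp.get(29):
        raise ValueError("need subpackets 2 (creation time) and 29 (reason)")
    return struct.unpack(">I", sp[2])[0], sp[29][0], sp[29][1:].decode("utf-8", "replace")

def certification_survives(cert_time: int, hashed_area: bytes) -> bool:
    """True if a certification dated cert_time stays valid after the revocation.
    Assumption: any reason code other than superseded/retired is treated as hard."""
    created, code, _ = revocation_info(hashed_area)
    return code in SOFT_REASONS and cert_time < created

def build_subpacket(sp_type: int, body: bytes) -> bytes:
    """Encode one subpacket (lengths up to 8383); only used for the sample."""
    n = len(body) + 1
    hdr = bytes([n]) if n < 192 else bytes([((n - 192) >> 8) + 192, (n - 192) & 0xFF])
    return hdr + bytes([sp_type]) + body

# Constructed sample, not the real packet from the key above.
REVOKED_AT = 1200000000
COMMENT = b"Constructed sample comment. " * 8
SAMPLE = build_subpacket(2, struct.pack(">I", REVOKED_AT)) + build_subpacket(29, b"\x01" + COMMENT)

if __name__ == "__main__":
    print(revocation_info(SAMPLE)[:2], certification_survives(REVOKED_AT - 1, SAMPLE))
```

The comparison uses the creation time the signatures themselves claim, so it is only as trustworthy as those timestamps.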