1) This is the general situation: http://pastebin.com/NXuJj2h5
User one is the user that i fully trust and has a revocation dated on 18 February 2016 2) Here you can see User one pbkey details: http://pastebin.com/g2tQKzPN 3) Here you can see that user three is treated with validity = full even if it is signed after the revocation of User one key. http://pastebin.com/EEGXcNa2 Fortunately, this is not a real situation, but I tested it to understand what happened in this cases; because i wasn't able to find any documentation about it. 2016-02-19 14:26 GMT+01:00 Peter Lebbing <pe...@digitalbrains.com>: > I can't reproduce this. A revocation correctly invalidates any > certifications *both* before or after the moment of revocation. After > all, the time can be faked.[1] > > I tested with no "revocation reason" specified, by the way. But I don't > think GnuPG uses the revocation reason for anything, although I'm not > 100% sure. > > Could you show some of the output you get, possibly redacted for privacy? > > As a very simple explanation, are you overlooking a different > certification on the key that is still valid and trusted? > > I used GnuPG 2.1.11. > > HTH, > > Peter. > > [1] Other than that, if you revoke a key using the revocation > certificate you made when the key was created, it will show a revocation > date equal to the creation date even though you only uploaded the > certificate years later, for example. Even if only certifications made > after revocation would be invalidated, that situation would still > invalidate all revocations, since they're all later than the key > creation. This is not very relevant to your problem, though, I just > thought it was an interesting observation. > > -- > I use the GNU Privacy Guard (GnuPG) in combination with Enigmail. > You can send me encrypted mail if you want some privacy. > My key is available at <http://digitalbrains.com/2012/openpgp-key-peter> >
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
