On 24/02/2022 16:59, Robert J. Hansen via Gnupg-users wrote:
Sounds like a defect to me, do you have a problem report ticket with
Thunderbird or a forum entry which described the problem in more detail
(like which version is affected).
It turns out the actual behavior is a little different than I originally 
described.  If you have a valid certificate with a given email address, 
and a revoked certificate (or certificates) with that same email 
address, it will silently add the revoked certificates, as well as the 
valid one, to your email.  This is still a bad idea.
I can confirm this happened to me when I specifically ticked "Attach my 
public key" in TB's composer - it also attached the revocation cert for 
an ancient key that I still have in my keyring but never used for anything.
--
Andrew Gallagher

Attachment: OpenPGP_signature
Description: OpenPGP digital signature

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
https://lists.gnupg.org/mailman/listinfo/gnupg-users

Reply via email to