Use of revocation certificates for PGP/GPG

Bill Horne bhorne at stalwart.ne.mediaone.net
Wed Dec 19 12:38:33 EST 2001


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

FYI: to those who are using PGP/GPG: I *almost* posted an 
incorrect key to the keyserver, and asked the dtype.org owner
if such an occurrence could be reversed. The answer was "no".

I apparently generated two key pairs with the same email id while
learning how to use GPG, and only caught the mistake while verifying
jabr's list for tonight's key party. 

This brings home the point jabr made: always generate a revocation
key, and print it out, for EVERY public key you have, and make 
sure that the keys on your keyrings are consistent with each other.

Bill "Why is it easy to admit a mistake you *almost* made?" Horne

>M. Drew Streib <dtype at dtype.org> wrote:
>>On Wed, Dec 19, 2001 at 10:23:31AM -0500, Bill Horne <bh at blu.org> wrote:
>> ... is there a provision to erase accidentally 
>> posted keys from the keyservers? I know that revocation is 
>> the "approved" procedure, but is there a "five second rule" 
>> that allows you to erase a key that's been posted by mistake?

>There really isn't. The sync protocol pretty much immediately sends
>the new keys to other keyservers, and the only way to be sure that
>the key isn't used is to revoke it. While this seems 'messy' at first,
>it really is the only way to go, and in fact there are many, many, many
>revoked keys floating around keyservers.

-drew

M. Drew Streib <dtype at dtype.org>, Free Standards Group
(freestandards.org)
co-founder, SourceForge.net | core team, freedb | sysadmin, Linux Intl.
creator, keyanalyze report  | maintnr, *.us.pgp.net | other, see
freedom/law
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (MingW32)
Comment: For info see http://www.gnupg.org

iEYEARECAAYFAjwgz2EACgkQx11nPgALh5dK6wCcCpKO1rKlQDZ2qKlwOtJxrnyc
GzYAnj5o7vHaRInjLtXRrvzEYddWrStB
=RZg4
-----END PGP SIGNATURE-----
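The procedure the post recommends (a revocation certificate for every key,
plus a check that the keyring does not carry two keys for one user ID), as an
added example that is not part of the original message or the list archive.
It assumes GnuPG 2.1 or later on PATH, which writes a revocation certificate
under openpgp-revocs.d/ at key-creation time (the 2001-era equivalent was an
interactive "gpg --gen-revoke"). The user ID "Demo User <demo@example.invalid>"
is constructed for the demo, and everything runs in a throwaway GNUPGHOME so
the real keyring is never touched.

```shell
#!/bin/sh
# Added example, not code from the original post. Requires GnuPG 2.1 or later.
# Everything happens in a throwaway GNUPGHOME; the real keyring is untouched.
# The user ID below is constructed for the demo.
set -eu

DEMO_UID='Demo User <demo@example.invalid>'

new_home() {
    # Fresh, private GnuPG home directory so nothing touches ~/.gnupg
    GNUPGHOME=$(mktemp -d)
    export GNUPGHOME
    chmod 700 "$GNUPGHOME"
}

cleanup_home() {
    gpgconf --kill gpg-agent 2>/dev/null || true
    rm -rf "$GNUPGHOME"
}

gen_key() {
    # Generate a key for user ID $1 and print its fingerprint.
    # --yes allows a second key with an identical user ID (the mistake in the
    # post); the key is left unprotected so the demo runs unattended.
    # The fingerprint is field 4 of the KEY_CREATED status line.
    gpg --batch --yes --quiet --status-fd 1 --pinentry-mode loopback \
        --passphrase '' --quick-gen-key "$1" default default never 2>/dev/null |
        awk '$1 == "[GNUPG:]" && $2 == "KEY_CREATED" { print $4; exit }'
}

key_status() {
    # Print the validity flag of the primary key with fingerprint $1
    # ("r" once revoked; the codes are listed in doc/DETAILS of GnuPG).
    gpg --batch --with-colons --list-keys "$1" 2>/dev/null |
        awk -F: '$1 == "pub" { print $2; exit }'
}

revoke_key() {
    # GnuPG 2.1+ stores a revocation certificate for every new key as
    # openpgp-revocs.d/<FINGERPRINT>.rev. A colon is prepended to the
    # "-----BEGIN" line so the file cannot be imported by accident; strip it,
    # then import. Afterwards "gpg --export <fpr>" carries the revocation and
    # is what you would send to the keyserver.
    rev="$GNUPGHOME/openpgp-revocs.d/$1.rev"
    [ -f "$rev" ] || { echo "no revocation certificate for $1" >&2; return 1; }
    sed 's/^:-----BEGIN/-----BEGIN/' "$rev" | gpg --batch --quiet --import 2>/dev/null
}

duplicate_uids() {
    # Keyring consistency check: print "N:<uid>" for every user ID carried by
    # N > 1 unrevoked primary keys. Empty output means the keyring is consistent.
    gpg --batch --with-colons --list-keys 2>/dev/null | awk -F: '
        $1 == "pub" { key = $5; live = ($2 != "r") }
        $1 == "uid" && live && !((key, $10) in seen) {
            seen[key, $10] = 1; count[$10]++
        }
        END { for (u in count) if (count[u] > 1) print count[u] ":" u }'
}

main() {
    new_home
    trap cleanup_home EXIT
    first=$(gen_key "$DEMO_UID")
    second=$(gen_key "$DEMO_UID")       # the accidental duplicate
    echo "keys: $first $second"
    echo "duplicate user IDs before revocation: $(duplicate_uids)"
    revoke_key "$second"
    echo "status of $second after import: $(key_status "$second")"
    echo "duplicate user IDs after revocation: $(duplicate_uids)"
}

case "${1:-}" in run) main ;; esac
```

Invoke the script with the single argument "run" to walk through the whole
sequence; without it, only the functions are defined. The important practical
detail is the colon in front of the BEGIN line of the stored certificate: it
exists precisely so that a stray "gpg --import" of the file does not revoke
the key, so print or back up the .rev file as-is and remove the colon only
when you actually mean to revoke.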
