KB Sriram 36bffc3ef5 Always revoke subkeys with a revocation signature. ...

Unlike UID revocations which are "reversible" by newer UID
self-signatures, a subkey revocation should be "permanent" even if
followed by a newer self-signature.

The RFC is ambiguous on this, but this is the convention used by (e.g.)
GnuPG. The rationale for this behaviour is available as comments within
the GnuPG source.

UID signatures:
50c98c7ed6/g10/getkey.c (L1668-L1674)
Subkey signatures:
50c98c7ed6/g10/getkey.c (L1990-L1997)

2016-01-15 15:28:40 -08:00

1001 B

Raw Blame History

View Raw