Netiquette, GPG Keys, Keyservers

Charles Howse chowse at charter.net
Tue May 4 17:15:24 UTC 2004


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Monday 03 May 2004 07:46 am, Alexander Dalloz wrote:
> Am Mo, den 03.05.2004 schrieb Charles Howse um 11:22:
> > First, I have 2 gpg keys out there...search for my email address on
> > http://pgp.mit.edu/
> >
> > I've lost the revocation cert for the older key, so I suppose I can't get
> > rid of it...?
>
> I may be corrected, but I think all you need is to remember the
> passphrase of the key you want to revoke. See i.e.
>
> http://www.rediris.es/cert/servicios/keyserver/remove.en.html
> http://www.cryptnet.net/fdp/crypto/gpg-party.html#ss3.7
> http://www.nmlug.org/faqs/gen-gpg-key.html

Alexander, I have read the above pages carefully, and everything seems to 
indicate that I must possess the private key in order to create a revocation 
certificate.  Is that the way you read it?

I do not have the key, nor a revocation cert.
Even though I remember the passphrase, it looks like it won't do any good 
without the private key.

> > Second, what is the accepted way of making it easy for someone reading my
> > signed email to import my key from the keyserver?
> > Should I post the fingerprint or id in my sig?
>
> In my opinion that would be helpful. People using GPG/PGP should then be
> able to locate your public key on the keyserver and import it to the own
> keyring for verification. And of course, the recommended way to publish
> your public key is to put in on the keyserver.

OK, my public key has been on the keyserver @ mit.edu for some time now, and I 
have added the ID to my sig.

- -- 
Charles Howse
Jackson, TN
Registered Linux user # 347576 (http://counter.li.org)
GnuPG ID - 1F5130A8
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)

iD8DBQFAl8+x/S+VsB9RMKgRAt1DAJ9T7ZgWZXCwYtHtG8gogvQSSz8BjQCdFcZp
wkTATjFjtRAaaNMYA6yEYuU=
=s3a0
-----END PGP SIGNATURE-----





More information about the fedora-list mailing list