rnp icon indicating copy to clipboard operation
rnp copied to clipboard

Published 20 hours ago verified publisher icon rnpgp

Inspect corner case with revoked userid, which is self-certified afterwards.

Open ni4 opened this issue 4 years ago • 1 comments

Description

Right now we mark userid as revoked if it has at least one valid user-certification revocation. However, it seems that other implementations allows such userids (but only if new self-certification is issued after the revocation).

See more details here: https://bugzilla.mozilla.org/show_bug.cgi?id=1695724

ni4 avatar May 14 '21 14:05 ni4

Some more details: key contains userid revocations, not the key revocations. So, since key itself wasn't compromised, and user just revoked and then certified userid back, we should not mark such userid (and key) as invalid.

ni4 avatar Oct 11 '21 11:10 ni4