Re: PUBLIC GNUPG KEY REVOCATION FOR DAVID D.W. DOWNEY
> Backing it up was not an option. Yes, it could have gone on some
> networked system somewhere..BUT I will not put my **secret** key on a
> system *I* do not *directly* control.
As mentioned, the standards for security of the revocation key are
much lower. Heck, ocr software has gotten good enough, *printing out*
the ascii-armored revocation certificate would have been sufficient.
> the key is no longer valid. I've done this. I've already attempted to
> have the key removed from the keyservers but can not since no single
And because they don't do that, since they have no reason to trust you.
> and place the secret + public keys and the revocation certificate on
> this CDRW. This will then be kept in a physical-world location to be
I'd still do the printout of the revocation cert. CDR is fairly
long-lived, but I thought CDRW wasn't quite as archival...
> Next, I will generate a new key and resign package 0.5.2-2 with it and
> add the original public key as an additional file with an entry in the
That path seems reasonable (assuming, of course, that you're getting
real signatures on the new key so there's as much reason to trust it
as there was the old one.)
Reply to: