ietf-openpgp

Re: Hard expiration dates (was: I-DACTION:draft-ietf-openpgp-rfc2440bis-07.txt)

2003-03-24 18:51:26

Jon Callas <jon(_at_)callas(_dot_)org> writes:

> The reason is that if you have two keys that have the same key material, they
> will have different fingerprints (unless they also have the same date).

It's an inherent conflict in the way PGP identifies keys: To identify a key
for use, you want to identify a unique instance of the key
{key_value,owner,date,etc}.  To identify a key for revocation, you want to
identify all instances of the key {key_value}.  Other key management systems
(e.g. X.509) have the same flaw - you can't use the same ID type for both key
use and key revocation.  (X.509 is in theory supposed to work around this by
only having a single cert for a key, but in practice people just reuse the
same key for everything, so it doesn't work there either).

Peter.
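The point made above, as an added example that is not part of the original post: the v4 fingerprint defined in RFC 4880 section 12.2 hashes the key creation time together with the key material, so one RSA modulus with two creation dates yields two fingerprints and two key IDs. The modulus below is a constructed placeholder, not a real key.

```python
import hashlib
import struct


def mpi(value: int) -> bytes:
    """Encode an integer as an OpenPGP MPI: 2-octet bit length, then big-endian magnitude."""
    bit_len = value.bit_length()
    return struct.pack(">H", bit_len) + value.to_bytes((bit_len + 7) // 8, "big")


def v4_public_key_body(creation_time: int, n: int, e: int) -> bytes:
    """Body of a version-4 RSA public-key packet: version, creation time, algorithm id (1 = RSA), MPIs n and e."""
    return bytes([4]) + struct.pack(">I", creation_time) + bytes([1]) + mpi(n) + mpi(e)


def v4_fingerprint(creation_time: int, n: int, e: int) -> str:
    """V4 fingerprint: SHA-1 over 0x99, the 2-octet body length, and the packet body."""
    body = v4_public_key_body(creation_time, n, e)
    return hashlib.sha1(b"\x99" + struct.pack(">H", len(body)) + body).hexdigest().upper()


def key_id(fingerprint_hex: str) -> str:
    """The v4 key ID is the low-order 64 bits, i.e. the last 16 hex digits of the fingerprint."""
    return fingerprint_hex[-16:]


# Constructed sample RSA parameters (not a real key, and far too small for real use).
SAMPLE_N = 0xC7A9F3E1B2D4056F9A1C3E5B7D9F0A2C4E6B8D0F1A3C5E7B9D1F3A5C7E9B0D2F
SAMPLE_E = 65537


def compare_same_material(t1: int, t2: int):
    """Fingerprint the same key material under two creation times; report whether they differ."""
    fp1 = v4_fingerprint(t1, SAMPLE_N, SAMPLE_E)
    fp2 = v4_fingerprint(t2, SAMPLE_N, SAMPLE_E)
    return fp1, fp2, fp1 != fp2


def differing_body_offsets(t1: int, t2: int) -> set:
    """Offsets at which the two packet bodies differ; only the 4 timestamp octets (1..4) should show up."""
    b1 = v4_public_key_body(t1, SAMPLE_N, SAMPLE_E)
    b2 = v4_public_key_body(t2, SAMPLE_N, SAMPLE_E)
    return {i for i, (x, y) in enumerate(zip(b1, b2)) if x != y}
```

Revoking by key ID or fingerprint therefore only covers the one instance with that creation date; a second instance of the same modulus is untouched.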

  • Re: Hard expiration dates (was: I-DACTION:draft-ietf-openpgp-rfc2440bis-07.txt), Peter Gutmann