Re: [openpgp] rfc3880bis - hard expiration time

2015-05-04 09:43:47
On Mon, May 4, 2015 at 9:20 AM, Derek Atkins <derek(_at_)ihtfp(_dot_)com> wrote:
Phillip Hallam-Baker <phill(_at_)hallambaker(_dot_)com> writes:

If by "key" you purely mean the "N,e" values (in RSA terms) then yes, you
are correct that there is absolutely no way to revoke a key.  (PS: I call
this the "key material" specifically to be precise)  However if you embed
the expiration time into the Key Packet (see below) then you CAN cause a
validator to raise questions about potentially "bad" signatures if your
private key data gets compromised because any signatures made after the
"hard expiration" would be considered invalid.

For example, what would you do if you saw a signature dated 2014-12-31 on
a key that claimed it was generated on 2015-04-01?  (Note that the
generation date *IS* still included in V4, and therefore included in
fingerprint/keyid/signature calculations).

That is precisely why I would not call that a key.

Sorry, but that horse has already left the barn.  This is precisely
OpenPGP nomenclature.  A Key is a packet that contains a set of data,
part of which is what I would call the "Key Material" but it also
includes other data.

It is not the nomenclature of the field.

People are getting confused. And no wonder. People don't know if what
you are talking about is a public key or a PGP 'key'. And you seem to
be getting confused yourself.
