Page MenuHome GnuPG

--quick-revoke-uid can be used to revoke last uid, contrary to docs
Closed, ResolvedPublic


The documentation says:

This command revokes a User ID on an existing key. It cannot be used
to revoke the last User ID on key (some non-revoked User ID must
remain), with revocation reason ``User ID is no longer valid''. If
you want to specify a different revocation reason, or to supply
supplementary revocation text, you should use the interactive
sub-command @code{revuid} of @option{--edit-key}.

Which is a bit fuzzy. It can be read as "it is ok to revoke the last uid with a
differen reason", but that is weird, because there is no way to specify the
reason using this command.

I hereby note that

  1. It is possible to revoke the last uid with --quick-revoke-uid.
  2. It is possible to revoke the last uid with --edit-key, with the reason "User

ID is no longer valid".



Event Timeline

justus added a subscriber: justus.

I read the code and documentation for key-edit's revuid, and --quick-revoke-uid,
and the code makes no effort to ensure that one valid UID remains.

I read rfc4880 trying to find the basis for "some non-revoked User ID must
remain", but the only justification I could find is in section 11.1.,
Transferable Public Keys, that states that at least one UID must be included if
one wants to transfer keys.

So, do we actually want to enforce that or fix the documentation?

I think it is easier to enforce this than to handle bug reports due to
export/import and whatever problems.