Re: Revocation key difficulty
On Tue, Mar 05, 2002 at 03:43:54PM -0500, Michael Young wrote:
> David Shaw noted this PGP (and now GnuPG) behavior:
> > If the designated revoker's key is not present, then a key "revoked"
> > by the designated revoker key is not treated as revoked. GnuPG - as
> > of this morning - does it the same way.
>
> I would argue that silently ignoring a missing revoker is a bad default.
> GnuPG is generally very good about issuing warnings (and offering
> options :-). Would you be willing to do so here (at least when
> a potential revocation is present)?
Good idea. I think a warning during key import if a key has a
potential revocation on it is appropriate.
> I know this doesn't thwart would-be attackers. They can always
> remove the revocation itself. A warning would simply help
> recognize that the key is effectively incomplete, and that the
> revoker should be retrieved. (Or, have you adjusted GnuPG to
> automatically retrieve revokers after retrieving a key from a server?)
It doesn't, but that's a good idea as well (to be optional, of
course).
David
--
David Shaw | Technical Lead
<dshaw@xxxxxxxxxx> | Enterprise Content Delivery
617-250-3028 | Akamai Technologies
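As an added example, not code from the thread or from GnuPG itself: a small check that implements the warning discussed above by parsing `gpg --with-colons --list-sigs` output and flagging keys that name a designated revoker whose key is not in the keyring, escalating when a revocation signed by that revoker is already present. The sample listing and its key material are constructed, and the rvk/rev field positions are assumed to follow GnuPG's colon-listing documentation.

```python
"""Warn about keys whose designated revoker (rvk record) is absent from the keyring.
Input: `gpg --with-colons --list-sigs` output. Field 10 of an rvk record is the
revoker's fingerprint; field 5 of a rev record is the signer's key ID.
The sample below is constructed from hypothetical keys."""

SAMPLE = """\
pub:u:2048:1:A1A1A1A1A1A1A1A1:1325376000:::u:::scESC::::::23::0:
fpr:::::::::A1A1A1A1A1A1A1A1A1A1A1A1A1A1A1A1A1A1A1A1:
rvk:::1::::::D1D1D1D1D1D1D1D1D1D1D1D1D1D1D1D1D1D1D1D1:80:
rev:::1:D1D1D1D1D1D1D1D1:1400000000::::[User ID not found]:20x:::::2:
pub:u:2048:1:B2B2B2B2B2B2B2B2:1325376000:::u:::scESC::::::23::0:
fpr:::::::::B2B2B2B2B2B2B2B2B2B2B2B2B2B2B2B2B2B2B2B2:
rvk:::1::::::C3C3C3C3C3C3C3C3C3C3C3C3C3C3C3C3C3C3C3C3:80:
pub:u:2048:1:C3C3C3C3C3C3C3C3:1325376000:::u:::scESC::::::23::0:
fpr:::::::::C3C3C3C3C3C3C3C3C3C3C3C3C3C3C3C3C3C3C3C3:
"""

def parse_listing(text):
    """Group records under their primary key as {fpr, revokers, rev_signers}."""
    keys, cur = [], None
    for line in text.splitlines():
        f = line.split(":") + [""] * 11       # pad so short records cannot IndexError
        if f[0] == "pub":
            cur = {"fpr": "", "revokers": [], "rev_signers": []}
            keys.append(cur)
        elif cur is None:
            continue
        elif f[0] == "fpr" and not cur["fpr"]:  # first fpr after pub is the primary key
            cur["fpr"] = f[9].upper()
        elif f[0] == "rvk":
            cur["revokers"].append(f[9].upper())
        elif f[0] == "rev":
            cur["rev_signers"].append(f[4].upper())
    return keys

def missing_revoker_findings(text):
    """One (level, key_id, revoker_id) per absent revoker. WARNING: a revocation by
    that revoker is already on the key but cannot be verified, so the key will not
    show as revoked. NOTE: no revocation yet, but the key cannot be fully evaluated."""
    keys = parse_listing(text)
    present = {k["fpr"] for k in keys}
    findings = []
    for k in keys:
        for rvk in k["revokers"]:
            if rvk in present:
                continue
            pending = any(rvk.endswith(s) for s in k["rev_signers"] if s)
            findings.append(("WARNING" if pending else "NOTE", k["fpr"][-16:], rvk[-16:]))
    return findings
```

Running it over the sample reports only the first key: its revoker is absent and a revocation signed by that revoker is already attached, which is exactly the case where gpg silently shows the key as not revoked.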