Re: Series of minor questions about OpenPGP 4
On Thu, Jan 29, 2009 at 11:30 PM, David Shaw <dshaw@xxxxxxxxxxxxxxx> wrote:
> It doesn't actually revoke all of them. A 0x30 revocation on a 0x1F
> signature revokes (potentially) all of them that are a) from the same
> issuer (or from that issuer's designated revoker), and b) timestamped
> earlier than the revocation. It cannot revoke ones that come after
> it.
Uhm? Why this? I'd thought it would only revoke the specifically
revoked signature, as "the signature is computed over the same data as
the certificate that it revokes".
Am I missing something?
> Even then there is the possibility of confusion of which signature you
> intend to revoke. In those cases, you can always specify a particular
> signature to revoke using the Signature Target subpacket in the
> revocation. Arguably, you could even revoke multiple signatures with
> one revocation by using multiple subpackets.
>
> Not, it should be pointed out, that many (any?) implementations
> support Signature Targets yet. But the semantics are there.
Uhm ok... so how does an implementation figure out which certificate
is revoked by a revocation signature?
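
The matching rule stated in the quoted reply, written out as an added example; it is not part of the original thread and not taken from any OpenPGP implementation. The `Sig` record, key IDs and digest strings are constructed, and treating Signature Target subpackets as narrowing the issuer/time rule is an assumption.

```python
from dataclasses import dataclass

DIRECT_KEY = 0x1F        # direct-key signature (the case discussed in the thread)
CERT_REVOCATION = 0x30   # certification revocation signature

@dataclass(frozen=True)
class Sig:
    sig_type: int
    issuer: str            # signer key ID (constructed sample values below)
    created: int           # signature creation time, in seconds
    digest: str = ""       # stand-in for the hash a Signature Target would carry
    targets: tuple = ()    # Signature Target digests (set on revocations only)

def revoked_by(rev, sigs, designated_revokers=None):
    """Return digests of the 0x1F signatures in sigs that rev revokes."""
    designated_revokers = designated_revokers or {}
    if rev.sig_type != CERT_REVOCATION:
        return []
    hit = []
    for s in sigs:
        if s.sig_type != DIRECT_KEY:
            continue
        # (a) made by the signature's issuer, or by a revoker that issuer designated
        same_party = (rev.issuer == s.issuer
                      or rev.issuer in designated_revokers.get(s.issuer, ()))
        # (b) only signatures timestamped earlier than the revocation
        earlier = s.created < rev.created
        # Assumption: Signature Targets, when present, narrow the candidate set
        targeted = not rev.targets or s.digest in rev.targets
        if same_party and earlier and targeted:
            hit.append(s.digest)
    return hit

# Constructed sample data
SIGS = [
    Sig(DIRECT_KEY, "AAAA", 100, "d1"),
    Sig(DIRECT_KEY, "AAAA", 200, "d2"),
    Sig(DIRECT_KEY, "AAAA", 400, "d3"),   # later than the revocation: untouched
    Sig(DIRECT_KEY, "BBBB", 150, "d4"),   # different issuer: untouched
]
REV_ALL = Sig(CERT_REVOCATION, "AAAA", 300)
REV_ONE = Sig(CERT_REVOCATION, "AAAA", 300, targets=("d2",))
REV_DESIGNATED = Sig(CERT_REVOCATION, "CCCC", 300)

if __name__ == "__main__":
    print(revoked_by(REV_ALL, SIGS))
    print(revoked_by(REV_ONE, SIGS))
    print(revoked_by(REV_DESIGNATED, SIGS, {"AAAA": {"CCCC"}}))
```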