[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Series of minor questions about OpenPGP 4
On Thu, Jan 29, 2009 at 11:30 PM, David Shaw <dshaw@xxxxxxxxxxxxxxx> wrote:
> It doesn't actually revoke all of them. A 0x30 revocation on a 0x1F
> signature revokes (potentially) all of them that are a) from the same
> issuer (or from that issuer's designated revoker), and b) timestamped
> earlier than the revocation. It cannot revoke ones that come after
Uhm? Why this? I'd thought it would only revoke the specifically
revoked signature, as "the signature is computed over the same data as
the certificate that it revokes".
Am I missing something?
> Even then there is the possibility of confusion of which signature you
> intend to revoke. In those cases, you can always specify a particular
> signature to revoke using the Signature Target subpacket in the
> revocation. Arguably, you could even revoke multiple signatures with
> one revocation by using multiple subpackets.
> Not, it should be pointed out, that many (any?) implementations
> support Signature Targets yet. But the semantics are there.
Uhm ok,.. so how does an implementation figure out which certificate
is revoked by a revocation signature?