Re: Identifying revoked certificates

Werner Koch <wk@gnupg.org> Sat, 08 September 2001 21:53 UTC

To: Michael Young <mwy-opgp97@the-youngs.org>
Cc: ietf-openpgp@imc.org
Subject: Re: Identifying revoked certificates
References: <p05100309b7baf2e20a43@[192.168.1.180]> <010901c135ad$a7233000$fac32609@transarc.ibm.com> <p05100325b7bd794fd6a4@[192.168.1.180]> <20010906154624.C750@akamai.com> <p0510032fb7bd98d93fcc@[192.168.1.180]> <87bsknplyl.fsf@alberti.gnupg.de> <009e01c137e3$f3c40be0$c23fa8c0@transarc.ibm.com>
From: Werner Koch <wk@gnupg.org>
Organisation: g10 Code GmbH
X-PGP-KeyID: 621CC013
X-Request-PGP: finger://wk@g10code.com
Date: Sat, 08 Sep 2001 12:07:01 +0200
In-Reply-To: <009e01c137e3$f3c40be0$c23fa8c0@transarc.ibm.com> ("Michael Young"'s message of "Fri, 7 Sep 2001 17:27:52 -0400")
Message-ID: <87r8ti2dyy.fsf@alberti.gnupg.de>

On Fri, 7 Sep 2001 17:27:52 -0400, Michael Young said:

>     different types (generic, persona, etc.), possibly with
>      a specific lifetime associated with each;

Better use a different key.

>     different notation data;

>     different trust for separate domains ("regular expressions").

If you can do a new signature, you can put the old notation data in as
well.

> Do you not believe in any of these uses?

Partly.


-- 
Werner Koch        Omnis enim res, quae dando non deficit, dum habetur
g10 Code GmbH      et non datur, nondum habetur, quomodo habenda est.
Privacy Solutions                                        -- Augustinus