Re: [openpgp] Revoking Keys: Adding a superceded-by parameter
Kristian Fiskerstrand <kristian.fiskerstrand@sumptuouscapital.com> Mon, 27 July 2015 08:05 UTC
To: Werner Koch <wk@gnupg.org>
Archived-At: <http://mailarchive.ietf.org/arch/msg/openpgp/9N0JiJzFzoF4JmtpvGAi-H4-MaA>
Cc: IETF OpenPGP <openpgp@ietf.org>, Vincent Breitmoser <look@my.amazin.horse>
On 07/27/2015 08:22 AM, Werner Koch wrote:
> On Sun, 26 Jul 2015 16:38, look@my.amazin.horse said:
>
>> As in, deprecate the subpacket? Or move it towards notation
>> data?
>
> The discussion was around the idea to deprecate the use of the
> reason for revocation because it is pretty complicated to make real
> use of it due to non-easy semantics.

I can think of at least one specific use case where this information is
needed. I'm somewhat ambivalent as to whether this is given as a specific
subpacket or a notation; if we were to implement it again the latter
would make sense, but not sure if it is worthwhile breaking backwards
compatibility for deprecating it.

Anyways, the use case is you have a revocation certificate as part of
the will and a copy is stored with the executor. The reason for
revocation states "This key is revoked by the Power of Attorney granted
to the executor of the Last Will and Testament of Y", and likely
contains a version identifier to be able to trace any non-sanctioned use.

Obviously you wouldn't give your attorney a copy of your private key,
but you do want them to be able to follow the instructions for revoking
and notifying the appropriate channels in the event a stone falls in the
back of your head. The reason for revocation in this case at least
should be a good indicator to other holders of the key about the
situation and provides valuable information.

--
----------------------------
Kristian Fiskerstrand
Blog: http://blog.sumptuouscapital.com
Twitter: @krifisk
----------------------------
Public OpenPGP key 0xE3EDFAE3 at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
----------------------------
Aut disce aut discede
Either learn or leave
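Added example, not part of the original message: a sketch of how a receiving client could pull the Reason for Revocation subpacket (type 29, RFC 4880 section 5.2.3.23) out of a signature's subpacket area and surface the code and free-text string discussed above. The sample bytes, the choice of code 3 and the "(copy v1)" version suffix are constructed for illustration.

```python
import struct

REASON_FOR_REVOCATION = 29  # subpacket type, RFC 4880 section 5.2.3.23
REASON_CODES = {0: "No reason specified", 1: "Key is superseded",
                2: "Key material has been compromised",
                3: "Key is retired and no longer used",
                32: "User ID information is no longer valid"}

def iter_subpackets(area):
    """Yield (type, critical, body) for each subpacket in a subpacket area."""
    i = 0
    while i < len(area):
        first = area[i]
        if first < 192:                      # one-octet length
            length, i = first, i + 1
        elif first < 255:                    # two-octet length
            if i + 2 > len(area):
                raise ValueError("truncated two-octet length")
            length, i = ((first - 192) << 8) + area[i + 1] + 192, i + 2
        else:                                # 0xFF + four-octet length
            if i + 5 > len(area):
                raise ValueError("truncated five-octet length")
            length, i = struct.unpack(">I", area[i + 1:i + 5])[0], i + 5
        if length < 1 or i + length > len(area):
            raise ValueError("subpacket length runs past the area")
        yield area[i] & 0x7F, bool(area[i] & 0x80), area[i + 1:i + length]
        i += length

def revocation_reason(area):
    """Return (code, meaning, text) of the first Reason for Revocation, or None."""
    for sp_type, _critical, body in iter_subpackets(area):
        if sp_type == REASON_FOR_REVOCATION:
            if not body:
                raise ValueError("reason subpacket lacks its code octet")
            meaning = REASON_CODES.get(body[0], "private or unknown code")
            # Display-only text: trust it only after the revocation signature verifies.
            return body[0], meaning, body[1:].decode("utf-8", errors="replace")
    return None

# Constructed sample: creation-time subpacket (type 2) followed by a reason
# subpacket. Code 3 and the "(copy v1)" suffix are choices made for this example.
TEXT = ("This key is revoked by the Power of Attorney granted to the executor "
        "of the Last Will and Testament of Y (copy v1)")
SAMPLE_AREA = (bytes([5, 2]) + struct.pack(">I", 1437984000)
               + bytes([len(TEXT) + 2, REASON_FOR_REVOCATION, 3]) + TEXT.encode())

if __name__ == "__main__":
    print(revocation_reason(SAMPLE_AREA))
```

The string is free-form UTF-8 with no defined structure, so a version identifier like the one suggested in the message can only be shown to a human or matched by local convention.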