Re: Identifying revoked certificates
"Michael Young" <mwy-opgp97@the-youngs.org> Fri, 07 September 2001 04:21 UTC
Received: from above.proper.com (above.proper.com [208.184.76.39]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id AAA16935 for <openpgp-archive@odin.ietf.org>; Fri, 7 Sep 2001 00:21:40 -0400 (EDT)
Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id f872sVv20829 for ietf-openpgp-bks; Thu, 6 Sep 2001 19:54:31 -0700 (PDT)
Received: from smtprelay2.adelphia.net (smtprelay2.adelphia.net [64.8.25.7]) by above.proper.com (8.11.6/8.11.3) with ESMTP id f872sJD20825 for <ietf-openpgp@imc.org>; Thu, 6 Sep 2001 19:54:30 -0700 (PDT)
Received: from mwyoung ([24.48.51.230]) by smtprelay2.adelphia.net (Netscape Messaging Server 4.15) with SMTP id GJ9UR303.33D for <ietf-openpgp@imc.org>; Thu, 6 Sep 2001 22:54:39 -0400
Message-ID: <001f01c13748$0f79d460$c23fa8c0@transarc.ibm.com>
From: Michael Young <mwy-opgp97@the-youngs.org>
To: ietf-openpgp@imc.org
References: <p05100309b7baf2e20a43@[192.168.1.180]> <010901c135ad$a7233000$fac32609@transarc.ibm.com> <p05100325b7bd794fd6a4@[192.168.1.180]> <20010906154624.C750@akamai.com> <002301c13717$dd93a1e0$e4c22609@transarc.ibm.com> <p05100330b7bd9c51106e@[192.168.1.180]>
Subject: Re: Identifying revoked certificates
Date: Thu, 06 Sep 2001 22:51:48 -0400
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.50.4522.1200
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>
Content-Transfer-Encoding: 7bit
-----BEGIN PGP SIGNED MESSAGE----- From: "Jon Callas" <jon@callas.org> > > that they use order of arrival. [Just the same, would anyone object > > to suggesting this ordering in section 10?] > > Yes. A change to the standard that requires all the implementations to > change is not desirable. I don't see what good it does for them other than, > "You'll thank me for this later." Telling them how to write their programs > adds complexity, and complexity lessens security. I didn't intend to *require* any ordering, only to *suggest* one, and only for interchange. Your principle would argue for eliminating all of the ordering rules. Why should userIDs precede subkeys? (For that matter, why should signatures have to follow the key/userid/subkey to which they refer -- an implementation *could* always try them all :-). Ordering helps receivers match things up. All that said, I'll retract my suggestion. It was just a hint, but as we both noted, matching using the hash is pretty straightforward, and is dwarfed by the PK verification anyway. Sorry for the excursion. -----BEGIN PGP SIGNATURE----- Version: PGP Personal Privacy 6.5.3 iQEVAwUBO5g2I2NDnIII+QUHAQGAqgf/dfM0TXVzTwnsJCxl7GbPjS3sHHuPl6uC 0otpvdx/2oqfEMswhzay8xmt1aA+VJL7fflJctG3pRDxFFv4cacg+UqKoaZdWfqv cZZC7TiFZa4mdCYGCx9AzwvP05zTw7Sa7QMlAqLrxGHTtfcO2DLi/JguowGyfO8A Pjzmd6jUGGLGdlIPcJ7qInAx3EcmFOHc08xJ2r3tFyQG5Ke9Z5SWsSHMgiIzSJ8E PaAKmcuP+Kh2Szf2GRqfzFbrXU/A/bP6FC1bnGEIHrD3FcNajJ5SUbbNPyKutUdJ dq6YMRHoToqSFcRUJHWjbOWQKDMZZ+6gct61w4ATuNONCi/QBRfoVw== =3O2g -----END PGP SIGNATURE-----
- Fixing the secret keys, and a small apology Jon Callas
- Re: Fixing the secret keys, and a small apology Michael Young
- Identifying revoked certificates Michael Young
- Re: Fixing the secret keys, and a small apology Florian Weimer
- Re: Fixing the secret keys, and a small apology Werner Koch
- Re: Fixing the secret keys, and a small apology Michael Young
- Re: Fixing the secret keys, and a small apology Michael Young
- Re: Fixing the secret keys, and a small apology Werner Koch
- Re: Fixing the secret keys, and a small apology Jon Callas
- Re: Identifying revoked certificates Jon Callas
- Re: Identifying revoked certificates David Shaw
- Re: Identifying revoked certificates Michael Young
- Re: Identifying revoked certificates Jon Callas
- Re: Identifying revoked certificates Jon Callas
- Re: Identifying revoked certificates Michael Young
- Re: Identifying revoked certificates Werner Koch
- Re: Identifying revoked certificates Michael Young
- Re: Identifying revoked certificates Werner Koch