Re: Identifying revoked certificates

"Michael Young" <mwy-opgp97@the-youngs.org> Fri, 07 September 2001 04:21 UTC

Message-ID: <001f01c13748$0f79d460$c23fa8c0@transarc.ibm.com>
From: Michael Young <mwy-opgp97@the-youngs.org>
To: ietf-openpgp@imc.org
References: <p05100309b7baf2e20a43@[192.168.1.180]> <010901c135ad$a7233000$fac32609@transarc.ibm.com> <p05100325b7bd794fd6a4@[192.168.1.180]> <20010906154624.C750@akamai.com> <002301c13717$dd93a1e0$e4c22609@transarc.ibm.com> <p05100330b7bd9c51106e@[192.168.1.180]>
Subject: Re: Identifying revoked certificates
Date: Thu, 06 Sep 2001 22:51:48 -0400

From: "Jon Callas" <jon@callas.org>
> >  that they use order of arrival.  [Just the same, would anyone object
> >  to suggesting this ordering in section 10?]
> 
> Yes. A change to the standard that requires all the implementations to
> change is not desirable. I don't see what good it does for them other than,
> "You'll thank me for this later." Telling them how to write their programs
> adds complexity, and complexity lessens security.

I didn't intend to *require* any ordering, only to *suggest* one,
and only for interchange.

Your principle would argue for eliminating all of the ordering rules.
Why should userIDs precede subkeys?  (For that matter, why should
signatures have to follow the key/userid/subkey to which they
refer -- an implementation *could* always try them all :-).  Ordering
helps receivers match things up.

All that said, I'll retract my suggestion.  It was just a hint,
but as we both noted, matching using the hash is pretty
straightforward, and is dwarfed by the PK verification
anyway.  Sorry for the excursion.

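An added illustration of the "matching using the hash" idea in the reply above (example code written for this archive page, not code from Michael Young or the OpenPGP working group). It uses constructed key and user-ID data, models only the v4 certification hashing layout of RFC 2440 section 5.2.4, and stands in a full-digest comparison for the public-key verification step; the receiver identifies which user ID each certification signature covers regardless of the order the packets arrive in, using the stored left 16 bits of the hash as the cheap pre-filter.

```python
import hashlib
import struct

# Constructed sample data (not a real OpenPGP key): a fake v4 public-key packet body
# and two user IDs.  Only the RFC 2440 section 5.2.4 hashing layout is modelled.
KEY_BODY = b"\x04" + struct.pack(">I", 999686400) + b"\x01" + b"\x00" * 40
USER_IDS = [b"Michael Young <mwy-opgp97@the-youngs.org>",
            b"Michael Young <other@example.invalid>"]

def cert_hash(key_body, user_id, hashed_area):
    """SHA-1 over a v4 certification signature: the key (0x99 + 2-octet length),
    the user ID (0xB4 + 4-octet length), the signature's hashed area, and the
    six-octet trailer 0x04 0xFF + 4-octet length of that hashed area."""
    h = hashlib.sha1()
    h.update(b"\x99" + struct.pack(">H", len(key_body)) + key_body)
    h.update(b"\xb4" + struct.pack(">I", len(user_id)) + user_id)
    h.update(hashed_area)
    h.update(b"\x04\xff" + struct.pack(">I", len(hashed_area)))
    return h.digest()

def make_signature(key_body, user_id, sig_type=0x13):
    """Signer side (constructed stand-in): version, type, pk algo, hash algo, a
    creation-time subpacket, plus the left 16 bits of the hash that a real
    signature packet carries.  'digest' stands in for the signed MPIs."""
    subpackets = b"\x05\x02" + struct.pack(">I", 999743508)  # type 2, constructed time
    hashed_area = (bytes([0x04, sig_type, 0x01, 0x02])
                   + struct.pack(">H", len(subpackets)) + subpackets)
    digest = cert_hash(key_body, user_id, hashed_area)
    return {"hashed_area": hashed_area, "left16": digest[:2], "digest": digest}

def candidates_by_left16(sig, key_body, user_ids):
    """Receiver side, cheap pre-filter: recompute the hash for every user ID and
    keep those whose first two octets equal the hint stored in the signature."""
    return [uid for uid in user_ids
            if cert_hash(key_body, uid, sig["hashed_area"])[:2] == sig["left16"]]

def resolve_target(sig, key_body, user_ids):
    """Confirm the surviving candidates.  In a real implementation this is the
    public-key verification the thread calls the dominant cost; here the full
    digest comparison stands in for it.  Returns the matched user ID or None."""
    for uid in candidates_by_left16(sig, key_body, user_ids):
        if cert_hash(key_body, uid, sig["hashed_area"]) == sig["digest"]:
            return uid
    return None

if __name__ == "__main__":
    sigs = [make_signature(KEY_BODY, uid) for uid in USER_IDS]
    for sig in reversed(sigs):          # signatures arrive out of order, still matched
        print(resolve_target(sig, KEY_BODY, USER_IDS))
```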