[openpgp] signer-agnostic signatures

vedaal@nym.hush.com Mon, 17 March 2014 15:39 UTC

Return-Path: <vedaal@nym.hush.com>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com []) by ietfa.amsl.com (Postfix) with ESMTP id 8E50B1A02FD for <openpgp@ietfa.amsl.com>; Mon, 17 Mar 2014 08:39:43 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.003
X-Spam-Status: No, score=-0.003 tagged_above=-999 required=5 tests=[BAYES_20=-0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([]) by localhost (ietfa.amsl.com []) (amavisd-new, port 10024) with ESMTP id i-NzTK8TL2wI for <openpgp@ietfa.amsl.com>; Mon, 17 Mar 2014 08:39:42 -0700 (PDT)
Received: from smtp10.hushmail.com (smtp10.hushmail.com []) by ietfa.amsl.com (Postfix) with ESMTP id 7B4941A02F5 for <openpgp@ietf.org>; Mon, 17 Mar 2014 08:39:42 -0700 (PDT)
Received: from smtp10.hushmail.com (localhost []) by smtp10.hushmail.com (Postfix) with SMTP id A4611C014A for <openpgp@ietf.org>; Mon, 17 Mar 2014 15:39:34 +0000 (UTC)
Received: from smtp.hushmail.com (w7.hushmail.com []) (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp10.hushmail.com (Postfix) with ESMTPS for <openpgp@ietf.org>; Mon, 17 Mar 2014 15:39:34 +0000 (UTC)
Received: by smtp.hushmail.com (Postfix, from userid 99) id 69A37206F2; Mon, 17 Mar 2014 15:39:34 +0000 (UTC)
MIME-Version: 1.0
Date: Mon, 17 Mar 2014 11:39:33 -0400
To: openpgp@ietf.org
From: vedaal@nym.hush.com
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="UTF-8"
Message-Id: <20140317153934.69A37206F2@smtp.hushmail.com>
Archived-At: http://mailarchive.ietf.org/arch/msg/openpgp/FtZeHRXbfGX_ntLjtpPHNrwVTS4
Subject: [openpgp] signer-agnostic signatures
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 17 Mar 2014 15:39:43 -0000

Instead of multiple users sharing a key, what if they just shared the passphrase, 
and the signature done with a passphrase string-to key as in conventional encryption, rather than with an actual key?

The passphrase could be changed regularly and put up as a webpage or post, that was simultaneously encrypted to different users' public keys.

This way, there would be no revocation issues, as a revoked key could still be used for decryption, and so, some form of repudiable signatures could be achieved.