Re: Identifying revoked certificates
"Michael Young" <mwy-opgp97@the-youngs.org> Fri, 07 September 2001 21:42 UTC
Message-ID: <009e01c137e3$f3c40be0$c23fa8c0@transarc.ibm.com>
From: Michael Young <mwy-opgp97@the-youngs.org>
To: ietf-openpgp@imc.org
References: <p05100309b7baf2e20a43@[192.168.1.180]><010901c135ad$a7233000$fac32609@transarc.ibm.com><p05100325b7bd794fd6a4@[192.168.1.180]><20010906154624.C750@akamai.com><p0510032fb7bd98d93fcc@[192.168.1.180]> <87bsknplyl.fsf@alberti.gnupg.de>
Subject: Re: Identifying revoked certificates
Date: Fri, 07 Sep 2001 17:27:52 -0400
"Werner Koch" <wk@gnupg.org> wrote:
> I don't see a reason for the revocation target specifiers. The only
> sound handling of self-signature revocations (and that's what we are
> talking about) is to use the latest valid self-signature, be it a

If "most recent prevails" is the only sound handling, and you want
senders to depend on that, then the specification should say so.
There was some resistance to this, though.

Are multiple certifications illegal? (If so, the spec should
recommend against doing so.) I can see a couple of reasons that I
might want to sign the same key/name pair multiple times:
different types (generic, persona, etc.), possibly with a specific
lifetime associated with each; different notation data; different
trust for separate domains ("regular expressions"). Do you not
believe in any of these uses?

> * Sequence of packets messed up.

As it stands, the ordering section doesn't say where to put
self-signatures, and it doesn't specify ordering for certificate
revocations, so there is no way for things to be "messed up" within
a given context. [If a revocation is in the wrong context (e.g., for
userId "joe" instead of userId "bob"), then reordering is not
particularly easy.]

Jon Callas objected to adding an ordering suggestion.
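The "most recent prevails" rule debated in this message, as an added example that is not part of the original post or of any OpenPGP implementation. It uses a simplified model of signatures on one key/user-ID pair; the class, field names and timestamps are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

@dataclass(frozen=True)
class SelfSig:
    """Simplified stand-in for a signature on one key/user-ID pair
    (not the OpenPGP packet format; all field names are assumptions)."""
    created: int                    # creation time, constructed units
    kind: str                       # "generic", "persona", ... or "revocation"
    expires: Optional[int] = None   # absolute expiry time; None = never

def effective_self_sig(sigs: List[SelfSig], now: int) -> Optional[SelfSig]:
    """Apply 'most recent prevails': the newest signature that exists and
    has not expired at `now` decides. A revocation in that position means
    the binding is revoked, whatever older certifications say."""
    live = [s for s in sigs
            if s.created <= now and (s.expires is None or now < s.expires)]
    if not live:
        return None
    latest = max(live, key=lambda s: s.created)
    return None if latest.kind == "revocation" else latest

def timeline(sigs: List[SelfSig], times: List[int]) -> List[Tuple[int, Optional[str]]]:
    """Kind of the effective certification at each time (None = no valid binding)."""
    out = []
    for t in times:
        sig = effective_self_sig(sigs, t)
        out.append((t, sig.kind if sig else None))
    return out

# Constructed sample: two certifications of different types, then an
# untargeted revocation, then a fresh certification.
SAMPLE = [
    SelfSig(created=100, kind="generic"),
    SelfSig(created=200, kind="persona", expires=300),
    SelfSig(created=400, kind="revocation"),
    SelfSig(created=500, kind="generic"),
]

if __name__ == "__main__":
    for t, kind in timeline(SAMPLE, [150, 250, 350, 450, 550]):
        print(t, kind or "no valid binding")
```

In this model the persona certification shadows the generic one while it is live, and the revocation at time 400 cannot be aimed at only one of the two, which is the multiple-certification case the message asks about.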