Re: Identifying revoked certificates

"Michael Young" <mwy-opgp97@the-youngs.org> Fri, 07 September 2001 21:42 UTC

Received: from above.proper.com (above.proper.com [208.184.76.39]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id RAA29449 for <openpgp-archive@odin.ietf.org>; Fri, 7 Sep 2001 17:42:35 -0400 (EDT)
Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id f87LVTT22795 for ietf-openpgp-bks; Fri, 7 Sep 2001 14:31:29 -0700 (PDT)
Received: from xfw.transarc.ibm.com (xfw.transarc.ibm.com [192.54.226.51]) by above.proper.com (8.11.6/8.11.3) with ESMTP id f87LVMD22791 for <ietf-openpgp@imc.org>; Fri, 7 Sep 2001 14:31:27 -0700 (PDT)
Received: from mailhost.transarc.ibm.com (mailhost.transarc.ibm.com [9.38.192.124]) by xfw.transarc.ibm.com (AIX4.3/UCB 8.7/8.7) with ESMTP id RAA76726 for <ietf-openpgp@imc.org>; Fri, 7 Sep 2001 17:23:17 -0400 (EDT)
Received: from mwyoung (dhcp-194-28.transarc.ibm.com [9.38.194.228]) by mailhost.transarc.ibm.com (8.8.0/8.8.0) with SMTP id RAA09210 for <ietf-openpgp@imc.org>; Fri, 7 Sep 2001 17:31:07 -0400 (EDT)
Message-ID: <009e01c137e3$f3c40be0$c23fa8c0@transarc.ibm.com>
From: Michael Young <mwy-opgp97@the-youngs.org>
To: ietf-openpgp@imc.org
References: <p05100309b7baf2e20a43@[192.168.1.180]><010901c135ad$a7233000$fac32609@transarc.ibm.com><p05100325b7bd794fd6a4@[192.168.1.180]><20010906154624.C750@akamai.com><p0510032fb7bd98d93fcc@[192.168.1.180]> <87bsknplyl.fsf@alberti.gnupg.de>
Subject: Re: Identifying revoked certificates
Date: Fri, 07 Sep 2001 17:27:52 -0400
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.50.4522.1200
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

-----BEGIN PGP SIGNED MESSAGE-----

"Werner Koch" <wk@gnupg.org> wrote:
> I don't see a reason for the revocation target specifiers.  The only
> sound handling of self-signature revocations (and that's what we are
> talking about) is to use the latest valid self-signature, be it a

If "most recent prevails" is the only sound handling, and you
want senders to depend on that, then the specification should say so.
There was some resistance to this, though.

Are multiple certifications illegal?  (If so, the spec should
recommend against doing so.)  I can see a couple of reasons
that I might want to sign the same key/name pair multiple
times:
    different types (generic, persona, etc.), possibly with
    a specific lifetime associated with each;

    different notation data;

    different trust for separate domains ("regular expressions").

Do you not believe in any of these uses?

>   * Sequence of packets messed up. 

As it stands, the ordering section doesn't say where to put
self-signatures, and it doesn't specify ordering for certificate
revocations, so there is no way for things to be "messed up" within a
given context.  [If a revocation is in the wrong context (e.g., for
userId "joe" instead of userId "bob"), then reordering is not
particularly easy.]  Jon Callas objected to adding an ordering
suggestion.

-----BEGIN PGP SIGNATURE-----
Version: PGP Personal Privacy 6.5.3

iQEVAwUBO5k71mNDnIII+QUHAQG0IQgAkbnCL9CAiO3+j0NlptEBCBn48YGyC82K
UCqj2v/1dPEhGB+sitCEb8pvWJ4lc37YDW81krBbkhIhHCOBWOxM59vIFSGiejMA
f76TwDlmE7eXYOhTpePZROm3/ABsMjslX2nLCAKq1g2N4DUuFmrS11pVMySN950f
bAoDAkP9K0tR78QljbxOQLP73hT5NfLcZHLH8mmNa6NPRd9GHY/Df5Jg9e5/aJ35
f3HBi+s/60caB7PflpXDBT9uFJKSzWlXlmjzCxG3b9exHPYpLF9h4rjxkwwy4Hrj
NR2EIftGlenCSnZ4kNkcG+AAb5m38IfE6Av4Wswgf7sDt4e6fYYPHA==
=85f5
-----END PGP SIGNATURE-----
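Added example, not part of the message above and not code from any OpenPGP implementation: a small Python model of the two readings at issue in this exchange. latest_prevails() is the rule Werner describes (the newest valid self-signature on a user ID decides, a 0x30 certification revocation included); all_since_last_revocation() is the reading that Michael's list of uses needs (certifications of different type, notation or regular-expression scope coexisting until a later revocation). The signature type codes are the RFC 2440 values; the signature records, the toy timestamps, the user IDs "bob" and "joe", and the tie-breaking rule for equal creation times are constructed here and are not from the specification or the thread. Because both functions sort by creation time rather than relying on packet position, feeding the same records in a different order gives the same answer, which is the sense in which the order of packets cannot be "messed up".

```python
"""Which self-certification on an OpenPGP user ID is in force?

Constructed model for the "most recent prevails" debate: signatures are
plain records rather than parsed packets. Not code from the message above
or from any OpenPGP implementation.
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Signature type codes from RFC 2440 section 5.2.1.
GENERIC_CERT = 0x10
PERSONA_CERT = 0x11
CASUAL_CERT = 0x12
POSITIVE_CERT = 0x13
CERT_REVOCATION = 0x30
CERT_TYPES = {GENERIC_CERT, PERSONA_CERT, CASUAL_CERT, POSITIVE_CERT}


@dataclass(frozen=True)
class Sig:
    """One certification or certification revocation over a (key, user ID) pair."""
    sig_type: int
    user_id: str                          # the name this signature binds to the key
    created: int                          # signature creation time subpacket
    expires_after: Optional[int] = None   # signature expiration subpacket; None = never
    regex: Optional[str] = None           # regular expression subpacket (domain scope)
    notation: Tuple[Tuple[str, str], ...] = ()  # notation data subpackets

    def valid_at(self, now: int) -> bool:
        """A signature counts only once created and, if it expires, before expiry."""
        if self.created > now:
            return False
        if self.expires_after is None:
            return True
        return now < self.created + self.expires_after


def _relevant(sigs: List[Sig], user_id: str, now: int) -> List[Sig]:
    """Certifications and revocations on user_id valid at `now`, oldest first.

    Ties on creation time are broken so a revocation sorts after a
    certification and therefore wins (fail closed). That tie rule is a
    choice made in this example, not something the spec text settles.
    """
    rel = [s for s in sigs
           if s.user_id == user_id
           and s.sig_type in CERT_TYPES | {CERT_REVOCATION}
           and s.valid_at(now)]
    rel.sort(key=lambda s: (s.created, 1 if s.sig_type == CERT_REVOCATION else 0))
    return rel


def latest_prevails(sigs: List[Sig], user_id: str, now: int) -> Optional[Sig]:
    """'Most recent prevails': the single newest valid signature decides.

    Returns the winning certification, or None when the newest signature is
    a revocation or there is nothing on this user ID at all. Older
    certifications of a different type or scope are simply shadowed.
    """
    rel = _relevant(sigs, user_id, now)
    if not rel or rel[-1].sig_type == CERT_REVOCATION:
        return None
    return rel[-1]


def all_since_last_revocation(sigs: List[Sig], user_id: str, now: int) -> List[Sig]:
    """Alternative model: every certification newer than the last revocation
    stays in force, so distinct types, notations and regex scopes coexist."""
    live: List[Sig] = []
    for s in _relevant(sigs, user_id, now):
        if s.sig_type == CERT_REVOCATION:
            live = []          # a revocation wipes everything issued before it
        else:
            live.append(s)
    return live


# Constructed sample: one signer, one key, toy clock in seconds.
SAMPLE = [
    Sig(PERSONA_CERT, "bob", created=100, regex=r"<[^>]+[@.]example\.org>$"),
    Sig(CERT_REVOCATION, "bob", created=200),              # revokes the 100 cert
    Sig(GENERIC_CERT, "bob", created=300, expires_after=1000),
    Sig(POSITIVE_CERT, "bob", created=310,
        notation=(("role@example.org", "release-manager"),)),
    Sig(CERT_REVOCATION, "joe", created=320),              # other user ID: not about "bob"
]

if __name__ == "__main__":
    now = 400
    print("latest prevails:", latest_prevails(SAMPLE, "bob", now))
    print("all since last revocation:", all_since_last_revocation(SAMPLE, "bob", now))
    print("shuffled input, same answer:",
          latest_prevails(list(reversed(SAMPLE)), "bob", now) == latest_prevails(SAMPLE, "bob", now))
```

Under "most recent prevails" the 300 generic certification and the 310 positive certification cannot both be in force: only the 310 one is returned, which is exactly the loss Michael's list of uses objects to. Under the alternative model both survive until a newer revocation on "bob" appears; the revocation on "joe" is a different context and touches neither.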