Re: Certification revocation -- identifying the revoked certificate

disastry@saiknes.lv Wed, 29 August 2001 11:02 UTC

Received: from above.proper.com (above.proper.com [208.184.76.39]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id HAA19668 for <openpgp-archive@odin.ietf.org>; Wed, 29 Aug 2001 07:02:48 -0400 (EDT)
Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id f7TAoCD21312 for ietf-openpgp-bks; Wed, 29 Aug 2001 03:50:12 -0700 (PDT)
Received: from HACKSERV.saiknes.lv (hackserv.saiknes.lv [195.2.103.8]) by above.proper.com (8.11.6/8.11.3) with SMTP id f7TAoAD21307 for <ietf-openpgp@imc.org>; Wed, 29 Aug 2001 03:50:11 -0700 (PDT)
Received: from saiknes.lv (unverified [127.0.0.1]) by 127.0.0.1 (EMWAC SMTPRS 0.83) with SMTP id <B0000080500@127.0.0.1>; Wed, 29 Aug 2001 11:45:06 +0200
Message-ID: <3B8CC7B2.D13CB1CC@saiknes.lv>
Date: Wed, 29 Aug 2001 12:45:06 +0200
From: disastry@saiknes.lv
Organization: .NO.SPaM.NET
X-Mailer: Mozilla 4.78 [en] (Windows NT 5.0; U)
X-Accept-Language: en,lv,ru
MIME-Version: 1.0
To: ietf-openpgp@imc.org
Subject: Re: Certification revocation -- identifying the revoked certificate
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Thomas Roessler wrote:
> On 2001-08-28 17:54:05 -0400, Michael Young wrote:
> >I'm really not out to be pedantic here.  I think it really is 
> >important to have clear rules for revocation.  If multiple
> >certifications for a key or key/name are to be allowed, or are the 
> >*recommended* way to update preferences/qualities, then it is 
> >essential that a revocation be able to target the proper one.
> 
> Of course, the trivial solution would be to assign a unique serial 
> number to each certificate, and to include that serial number with 
> the revocation.
> -- 
> Thomas Roessler                        http://log.does-not-exist.org/

This will require changing the sig format, or at least making a new subpacket for the sernum.
Besides, it will not solve the problem of revoking current sigs, because they have
no such number.

I think it's enough to identify the sig by its creation time.
I don't think it's normal to have several sigs created at the same time,
and even if there are several sigs with the same creation time, well, they are all
revoked by a single revocation sig that refers to this creation time.

JMHO

== <EOF> ==
Disastry  http://i.am/disastry/
http://disastry.dhs.org/pgp <----PGP plugins for Netscape and MDaemon
 ^--GPG for Win32 (supports loadable modules and IDEA)
 ^---PGP 2.6.3ia-multi04 (supports IDEA, CAST5, BLOWFISH, TWOFISH,
     AES, 3DES ciphers and MD5, SHA1, RIPEMD160 hashes)
-----BEGIN PGP SIGNATURE-----
Version: 553ckt

iQA/AwUBO4yrWDBaTVEuJQxkEQKF0QCgwSGE5TRM0Rkw8RhJaLnY8xYApcYAn1FK
h3zPb45E1OLr2j2RRB6eOvfb
=uhIP
-----END PGP SIGNATURE-----
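The matching rule proposed in this mail (identify the target by creation time; every sig sharing that time is revoked together), as an added illustration that is not part of the original message or of any PGP implementation. It parses real OpenPGP signature subpacket framing (RFC 2440 section 5.2.3.1), but since no standard subpacket carried a target creation time, it assumes a hypothetical private-range subpacket (type 100) for it; the issuer key ID and timestamps are constructed sample values.

```python
import struct
SIG_CREATION_TIME = 2      # subpacket types from RFC 2440 section 5.2.3.1
ISSUER_KEY_ID = 16
TARGET_CREATION_TIME = 100 # hypothetical: private/experimental range (100-110)

def parse_subpackets(data):
    """Parse a signature subpacket area into {subpacket type: body bytes}."""
    out, i = {}, 0
    while i < len(data):
        first = data[i]
        if first < 192:                          # one-octet length
            length, i = first, i + 1
        elif first < 255:                        # two-octet length
            length, i = ((first - 192) << 8) + data[i + 1] + 192, i + 2
        else:                                    # five-octet length
            length, i = struct.unpack(">I", data[i + 1:i + 5])[0], i + 5
        out[data[i]] = data[i + 1:i + length]    # length includes type octet
        i += length
    return out

def subpacket(stype, body):
    """Encode one subpacket with a one-octet length (body under 191 octets)."""
    return bytes([len(body) + 1, stype]) + body

def make_sig(sigtype, created, issuer, target=None):
    """Constructed sample signature: type octet plus its hashed subpacket area."""
    area = subpacket(SIG_CREATION_TIME, struct.pack(">I", created))
    area += subpacket(ISSUER_KEY_ID, issuer)
    if target is not None:
        area += subpacket(TARGET_CREATION_TIME, struct.pack(">I", target))
    return {"type": sigtype, "hashed": area}

def creation_time(sig):
    return struct.unpack(">I", parse_subpackets(sig["hashed"])[SIG_CREATION_TIME])[0]

def revoked_by_time(certs, revocation):
    """Post's rule: one 0x30 revocation hits every 0x10-0x13 cert by the same issuer whose creation time matches."""
    assert revocation["type"] == 0x30, "not a certification revocation"
    rsub = parse_subpackets(revocation["hashed"])
    target = struct.unpack(">I", rsub[TARGET_CREATION_TIME])[0]
    return [i for i, c in enumerate(certs) if 0x10 <= c["type"] <= 0x13
            and parse_subpackets(c["hashed"])[ISSUER_KEY_ID] == rsub[ISSUER_KEY_ID]
            and creation_time(c) == target]

ISSUER = bytes.fromhex("0123456789abcdef")       # constructed key ID
CERTS = [make_sig(0x10, 998000000, ISSUER),
         make_sig(0x13, 998000000, ISSUER),      # same second: both revoked
         make_sig(0x13, 998100000, ISSUER)]      # later sig stays valid
REVOKE = make_sig(0x30, 998200000, ISSUER, target=998000000)
```

Running `revoked_by_time(CERTS, REVOKE)` returns `[0, 1]`: the two certifications created in the same second fall together, which is exactly the side effect the mail accepts.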