Re: Identifying revoked certificates
"Michael Young" <mwy-opgp97@the-youngs.org> Thu, 06 September 2001 21:17 UTC
Received: from above.proper.com (above.proper.com [208.184.76.39]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id RAA09242 for <openpgp-archive@odin.ietf.org>; Thu, 6 Sep 2001 17:17:22 -0400 (EDT)
Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id f86L99n14476 for ietf-openpgp-bks; Thu, 6 Sep 2001 14:09:09 -0700 (PDT)
Received: from xfw.transarc.ibm.com (xfw.transarc.ibm.com [192.54.226.51]) by above.proper.com (8.11.6/8.11.3) with ESMTP id f86L97D14472 for <ietf-openpgp@imc.org>; Thu, 6 Sep 2001 14:09:07 -0700 (PDT)
Received: from mailhost.transarc.ibm.com (mailhost.transarc.ibm.com [9.38.192.124]) by xfw.transarc.ibm.com (AIX4.3/UCB 8.7/8.7) with ESMTP id RAA14616 for <ietf-openpgp@imc.org>; Thu, 6 Sep 2001 17:01:12 -0400 (EDT)
Received: from mwyoung (dhcp-194-28.transarc.ibm.com [9.38.194.228]) by mailhost.transarc.ibm.com (8.8.0/8.8.0) with SMTP id RAA02699 for <ietf-openpgp@imc.org>; Thu, 6 Sep 2001 17:09:03 -0400 (EDT)
Message-ID: <002301c13717$dd93a1e0$e4c22609@transarc.ibm.com>
From: Michael Young <mwy-opgp97@the-youngs.org>
To: ietf-openpgp@imc.org
References: <p05100309b7baf2e20a43@[192.168.1.180]> <010901c135ad$a7233000$fac32609@transarc.ibm.com> <p05100325b7bd794fd6a4@[192.168.1.180]> <20010906154624.C750@akamai.com>
Subject: Re: Identifying revoked certificates
Date: Thu, 06 Sep 2001 17:06:48 -0400
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.50.4522.1200
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>
Content-Transfer-Encoding: 7bit
-----BEGIN PGP SIGNED MESSAGE----- On Thu, Sep 06, 2001 at 12:06:49PM -0700, Jon Callas wrote: > A signature subpacket called "revocation target" that contains a 1-octet > PKalg, a 1-octet hash algorithm, and then a hash body. It denotes that a > revocation signature is intended to revoke the signature so specified. Sounds good. I didn't have the PK algorithm in my original proposal. I don't feel a need for it, but I don't mind having it there, either. From: "David Shaw" <dshaw@akamai.com> > Is it worth adding the timestamp from the original signature to help > find it without having to look at the (larger) hashes? On a uid with > many signatures, this could speed things up. Once found, of course, > the hash could then be checked for confirmation. I don't mind having the timestamp there, but I don't feel a need for it, either. While I feel a need for this subpacket, at the same time, I expect this situation to be rare, and there are other ways to control the cost: Note that this disambiguation is necessary only for signatures within the same context (key, key/user, key/subkey) and made by the *same creator*. Although the current packet ordering rules don't address certificate revocation, I'd suggest that a prudent ordering would put each after its target. This would an even stronger hint. I note that neither PGP6.5 nor GnuPG produces this ordering. At first glance, it appears that they use order of arrival. [Just the same, would anyone object to suggesting this ordering in section 10?] I expect many implementations will cache certificate verifications and revocation results upon receipt/incorporation, rather than doing them every time. An implementation that doesn't cache will have to compute the hash before using the PK algorithm to verify the original anyway. Since the PK verification is (relatively) expensive, it makes sense to look for any revocations first. A failing 20ish-byte hash match won't take longer than an (unaligned big-endian) 4-byte time match (and may fall out sooner); a successful match would require the 20ish-byte test anyway. If there's a match, the revocation certificate gets tested instead (and, assuming it verifies, the original verification can be skipped). But as I said up front, I don't object strongly to having it. -----BEGIN PGP SIGNATURE----- Version: PGP Personal Privacy 6.5.3 iQEVAwUBO5flQGNDnIII+QUHAQGuMwf9EIRKx/gEJ5PV2hySzvBJV/2nrGie3ZQN oNpbE0Gze/rgOZEHjviajeOTcKrCnzNk4JMeiWYT2FiWsNwXHKj/Qkbnifsl8f17 aJ6RBoUTlwjhjiiOJVFC14A0Vy3PWTBLpQ2tCJSd02D5Yvtc5L+SHOez6iwVh1/j hKv4hQUqCJbfjBH6E5o8BncsZTR4if+zlgrm24IXymr4f83yqCxoOYC+EyhZnANn 9oEzAE7WJiKYznt/wL3THXzZRDPgefVeGH6turU+LMDS7p02gsiWrHGjKU3l/3I5 QvlFsc9KKpahtJGuaq/VymBmfxw1kX/vH2GIWb8QGwMxHXbS60YJRg== =e/dy -----END PGP SIGNATURE-----
- Fixing the secret keys, and a small apology Jon Callas
- Re: Fixing the secret keys, and a small apology Michael Young
- Identifying revoked certificates Michael Young
- Re: Fixing the secret keys, and a small apology Florian Weimer
- Re: Fixing the secret keys, and a small apology Werner Koch
- Re: Fixing the secret keys, and a small apology Michael Young
- Re: Fixing the secret keys, and a small apology Michael Young
- Re: Fixing the secret keys, and a small apology Werner Koch
- Re: Fixing the secret keys, and a small apology Jon Callas
- Re: Identifying revoked certificates Jon Callas
- Re: Identifying revoked certificates David Shaw
- Re: Identifying revoked certificates Michael Young
- Re: Identifying revoked certificates Jon Callas
- Re: Identifying revoked certificates Jon Callas
- Re: Identifying revoked certificates Michael Young
- Re: Identifying revoked certificates Werner Koch
- Re: Identifying revoked certificates Michael Young
- Re: Identifying revoked certificates Werner Koch