Re: Identifying revoked certificates
David Shaw <dshaw@akamai.com> Thu, 06 September 2001 20:00 UTC
Received: from above.proper.com (above.proper.com [208.184.76.39]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id QAA07253 for <openpgp-archive@odin.ietf.org>; Thu, 6 Sep 2001 16:00:49 -0400 (EDT)
Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id f86Jlbr13033 for ietf-openpgp-bks; Thu, 6 Sep 2001 12:47:37 -0700 (PDT)
Received: from claude.kendall.akamai.com (akafire.akamai.com [65.202.32.10]) by above.proper.com (8.11.6/8.11.3) with ESMTP id f86JlaD13029 for <ietf-openpgp@imc.org>; Thu, 6 Sep 2001 12:47:36 -0700 (PDT)
Received: (from dshaw@localhost) by claude.kendall.akamai.com (8.9.3/8.9.3) id PAA31464; Thu, 6 Sep 2001 15:46:24 -0400
Date: Thu, 06 Sep 2001 15:46:24 -0400
From: David Shaw <dshaw@akamai.com>
To: Jon Callas <jon@callas.org>
Cc: Michael Young <mwy-opgp97@the-youngs.org>, ietf-openpgp@imc.org
Subject: Re: Identifying revoked certificates
Message-ID: <20010906154624.C750@akamai.com>
Mail-Followup-To: Jon Callas <jon@callas.org>, Michael Young <mwy-opgp97@the-youngs.org>, ietf-openpgp@imc.org
References: <p05100309b7baf2e20a43@[192.168.1.180]> <010901c135ad$a7233000$fac32609@transarc.ibm.com> <p05100325b7bd794fd6a4@[192.168.1.180]>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <p05100325b7bd794fd6a4@[192.168.1.180]>; from jon@callas.org on Thu, Sep 06, 2001 at 12:06:49PM -0700
X-PGP-Key: 2048R/3CB3B415/4D 96 83 18 2B AF BE 45 D0 07 C4 07 51 37 B3 18
X-URL: http://www.jabberwocky.com/
X-Phase-Of-Moon: The Moon is Waning Gibbous (88% of Full)
X-Pointless-Random-Number: 76
X-Silly-Header: It sure is.
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>
On Thu, Sep 06, 2001 at 12:06:49PM -0700, Jon Callas wrote: > > Are there any comments on Michael's suggestion? > > Here's a sketch design: > > A signature subpacket called "revocation target" that contains a 1-octet > PKalg, a 1-octet hash algorithm, and then a hash body. It denotes that a > revocation signature is intended to revoke the signature so specified. > > Comments? Is it worth adding the timestamp from the original signature to help find it without having to look at the (larger) hashes? On a uid with many signatures, this could speed things up. Once found, of course, the hash could then be checked for confirmation. David -- David Shaw | Technical Lead <dshaw@akamai.com> | Enterprise Content Delivery 617-250-3028 | Akamai Technologies
- Fixing the secret keys, and a small apology Jon Callas
- Re: Fixing the secret keys, and a small apology Michael Young
- Identifying revoked certificates Michael Young
- Re: Fixing the secret keys, and a small apology Florian Weimer
- Re: Fixing the secret keys, and a small apology Werner Koch
- Re: Fixing the secret keys, and a small apology Michael Young
- Re: Fixing the secret keys, and a small apology Michael Young
- Re: Fixing the secret keys, and a small apology Werner Koch
- Re: Fixing the secret keys, and a small apology Jon Callas
- Re: Identifying revoked certificates Jon Callas
- Re: Identifying revoked certificates David Shaw
- Re: Identifying revoked certificates Michael Young
- Re: Identifying revoked certificates Jon Callas
- Re: Identifying revoked certificates Jon Callas
- Re: Identifying revoked certificates Michael Young
- Re: Identifying revoked certificates Werner Koch
- Re: Identifying revoked certificates Michael Young
- Re: Identifying revoked certificates Werner Koch