Re: [openpgp] Proposal for a separable ring signature scheme compatible with RSA, DSA, and ECDSA keys Sun, 16 March 2014 03:30 UTC

Return-Path: <>
Received: from localhost ( []) by (Postfix) with ESMTP id A33BF1A02BD for <>; Sat, 15 Mar 2014 20:30:06 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.902
X-Spam-Status: No, score=-1.902 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id QsyL2grxn8pG for <>; Sat, 15 Mar 2014 20:30:03 -0700 (PDT)
Received: from ( []) by (Postfix) with ESMTP id D60611A0271 for <>; Sat, 15 Mar 2014 20:29:59 -0700 (PDT)
Received: from (localhost []) by (Postfix) with SMTP id 0CF23601AF for <>; Sun, 16 Mar 2014 03:29:52 +0000 (UTC)
Received: from ( []) (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS for <>; Sun, 16 Mar 2014 03:29:51 +0000 (UTC)
Received: by (Postfix, from userid 99) id E9E462038C; Sun, 16 Mar 2014 03:29:51 +0000 (UTC)
MIME-Version: 1.0
Date: Sat, 15 Mar 2014 23:29:51 -0400
In-Reply-To: <>
References: <> <> <> <> <> <> <>
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="UTF-8"
Message-Id: <>
Subject: Re: [openpgp] Proposal for a separable ring signature scheme compatible with RSA, DSA, and ECDSA keys
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Sun, 16 Mar 2014 03:30:06 -0000

On 03/15/2014 at 1:47 PM, "Jon Callas" <> wrote:

>It's really the same problem, just with a one-person variety. It 
>boils down to the fact that revocation doesn't really work, beyond 
>trivial cases.
>Now on the other hand, ages ago, we discussed ring signatures, and 
>a use case that I wanted to do was to make it so that whenever 
>Alice sends Bob a signed email or other casual message, she would 
>(could?) sign it with a ring signature of her key and Bob's. Bob 
>knows that he didn't sign it so he knows that Alice did. 

But isn't it obvious that the key revocation is a scam, when the time of the revocation and the time of its receipt by a key-server, are too far apart?
(anything more than an hour should be suspicious.)

The only plausibility Alice may have, is that she couldn't get online soon enough after she revoked her key,
and this is discoverable if she went online for any other reason.

If there were some way to make the revocation process not be complete until received and verified by a keyserver,
and then listed as revoked as of the keyserver's receipt time,
then it might do away with the 'change the clock and revoke scam' and make revocation more workable.