ietf-openpgp

Re: 5.2.3.16. Key server preferences

2000-04-05 00:05:05
At 11:02 PM -0700 4/4/00, L. Sassaman wrote:

> While reading over the description of the Key server preferences signature
> subpacket (5.2.3.17 in the current draft), a possible abuse of this option
> occurred to me. I would like to suggest that the wording in the draft be
> modified to say:
>
> "When valid revocations of signatures made on a key are submitted to a key
> server, implementations that honor subpacket 23 MUST allow the signature to
> be revoked, regardless of the value of this packet"
>
> Or something to that effect... the reasons here are obvious.


What are the obvious reasons? And what's the obvious abuse?

The purpose of this packet is so that a key can say, "Here's where you can
get the most up-to-date version of me." Or perhaps if you prefer, the key's
owner is saying "here's where you can get the most up-to-date version of
this key." There are other reasonable uses, like including it in a
signature so you can find the key that signed it. Like all signed
statements, you shouldn't automatically treat them like gospel -- remember,
any idiot can sign anything. But that's the abuse?

        Jon

