ietf-openpgp

Behavior of implementations regarding certain key material

2000-05-26 01:40:42
From draft-ietf-openpgp-rfc2440bis-00, 5.2.3.23, "Reason for
Revocation":

| A revoked certification no longer is a part of validity
| calculations.

We were a bit surprised when we discovered this change to RFC 2440
because RFC 2440 primarily specifies the OpenPGP message format,
and not the behavior of implementations when they encounter certain
OpenPGP messages, much to our discomfort.

We would like to see other requirements such as "An expired
certification is no longer part of validity calculations."  If you
are running a CA, you certainly want all implementations to react
to certification expiration, certifying key expiration, certification
revocation etc. in the same manner.

If you agree that this should be addressed, we can document additional
requirements which make sense from our point of view as a basis for
further discussion.

-- 
Florian Weimer                    
Florian(_dot_)Weimer(_at_)RUS(_dot_)Uni-Stuttgart(_dot_)DE
University of Stuttgart           http://cert.uni-stuttgart.de/
RUS-CERT                          +49-711-685-5973/fax +49-711-685-5898
http://ca.uni-stuttgart.de:11371/pks/lookup?op=get&search=0xC06EC3B5
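A toy validity calculation along the lines the message asks for, written as an added example that is not part of the original post or of any OpenPGP implementation: certifications that are revoked, expired, or issued by a revoked or expired key are dropped before the classic "one fully trusted certifier or two marginal ones" rule is applied, so all four conditions are handled in one place. The key IDs, trust levels, timestamps and the `excluded_reason` helper are constructed for illustration; the expiration fields mirror RFC 2440's signature and key expiration subpackets, which are offsets in seconds from the creation time, with zero meaning "never".

```python
from dataclasses import dataclass
from typing import Optional

# Constructed toy model (added example, not from the thread or any
# OpenPGP implementation). Times are seconds since the epoch; the
# expires_after fields follow RFC 2440's "signature expiration time"
# and "key expiration time" subpackets: an offset from the creation
# time, where absent/zero means the object never expires.

@dataclass(frozen=True)
class Key:
    keyid: str
    created: int
    expires_after: int = 0   # key expiration subpacket; 0 = never
    revoked: bool = False    # a key revocation signature (0x20) exists

@dataclass(frozen=True)
class Certification:
    issuer: str              # key ID of the certifying key
    created: int
    expires_after: int = 0   # signature expiration subpacket; 0 = never
    revoked: bool = False    # a certification revocation (0x30) exists

def is_expired(created: int, expires_after: int, now: int) -> bool:
    return expires_after != 0 and now >= created + expires_after

def excluded_reason(cert: Certification, keys: dict, now: int) -> Optional[str]:
    """Why a certification must stay out of validity calculations, or None."""
    if cert.revoked:
        return "certification revoked"          # rfc2440bis 5.2.3.23
    if is_expired(cert.created, cert.expires_after, now):
        return "certification expired"          # the proposed extra rule
    k = keys.get(cert.issuer)
    if k is None:
        return "certifying key unknown"
    if k.revoked:
        return "certifying key revoked"
    if is_expired(k.created, k.expires_after, now):
        return "certifying key expired"
    return None

def usable_certifications(certs, keys, now):
    return [c for c in certs if excluded_reason(c, keys, now) is None]

def user_id_valid(certs, keys, trust, now) -> bool:
    """Classic PGP rule: one 'full' certifier or two 'marginal' ones."""
    full = marginal = 0
    for c in usable_certifications(certs, keys, now):
        level = trust.get(c.issuer, "none")
        if level == "full":
            full += 1
        elif level == "marginal":
            marginal += 1
    return full >= 1 or marginal >= 2

# --- constructed sample data: one CA and two marginal certifiers ---
DAY = 86400
T0 = 950_000_000                      # arbitrary anchor (early 2000)
KEYS = {
    "CA": Key("CA", T0, expires_after=365 * DAY),   # CA key lives one year
    "B":  Key("B", T0),
    "C":  Key("C", T0),
}
TRUST = {"CA": "full", "B": "marginal", "C": "marginal"}
CERTS = [
    Certification("CA", T0 + DAY, expires_after=30 * DAY),  # 30-day CA cert
    Certification("B", T0 + DAY),
    Certification("C", T0 + DAY, revoked=True),
]

if __name__ == "__main__":
    for label, now in [("day 2", T0 + 2 * DAY), ("day 60", T0 + 60 * DAY)]:
        print(label, "user ID valid:", user_id_valid(CERTS, KEYS, TRUST, now))
        for c in CERTS:
            print("   ", c.issuer, excluded_reason(c, KEYS, now) or "counted")
```

On day 2 the CA certification counts and the user ID is valid; on day 60 the CA certification has expired, C's is revoked, and B's lone marginal certification is not enough, so the same key material yields a different answer purely from the exclusion rules, which is exactly why the message wants every implementation to apply them identically.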