"Florian" == Florian Weimer
<Florian(_dot_)Weimer(_at_)RUS(_dot_)Uni-Stuttgart(_dot_)DE> writes:
Florian> Jon Callas <jon(_at_)callas(_dot_)org> writes:

At 10:46 AM +0200 5/26/00, Florian Weimer wrote:
>From draft-ietf-openpgp-rfc2440bis-00, 5.2.3.23, "Reason for
>Revocation":
>
>| A revoked certification no longer is a part of validity
>| calculations.
>
>We were a bit surprised when we discovered this change to RFC 2440
>because RFC 2440 primarily specifies the OpenPGP message format,
>and not the behavior of implementations when they encounter certain
>OpenPGP messages, much to our discomfort.
>

Umm, so what is the problem? Is there a reason that a revoked
certification *should* be part of validity calculations?

Florian> No, of course not. Our point is: There is no reason why an
Florian> expired certification should be part of validity
Florian> calculations, either (at least by default). Ditto for
Florian> expired keys. But 2440bis does not state what to do in
Florian> these cases, and in fact, implementations already show
Florian> different behavior.
It seems to me the logical thing to do is very easy to describe:
expired or revoked certs are treated as if they were nonexistent.
paul