On Mon, Aug 27, 2001 at 04:55:20PM +0200, Werner Koch wrote:
On Mon, 27 Aug 2001 09:48:50 -0400, David Shaw said:
"Most recent prevails" makes a lot of sense. It can even be a SHOULD,
Except for key revocation - any valid revocation (which is a
self-signature) counts. For subkeys it should be okay to allow
overriding of subkey revocations but it is practically worthless.
Revoking user ID revocations should definitely be possible.
The certification revocation signature is applied to the user id,
rather than to the signature that is being revoked, so there is no way
to really revoke a revocation. I assume you mean revoking a user ID
revocation by re-signing the user ID?
It is an interesting problem how to work out the results when given a
list of certifications and revocations which may have oddball dates.
I'm only trying to make a case for what happens if after everything is
worked out and the implementation ends up with more than one valid
David Shaw | Technical Lead
<dshaw(_at_)akamai(_dot_)com> | Enterprise Content Delivery
617-250-3028 | Akamai Technologies