-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Thomas Roessler wrote:
> On 2001-08-28 17:54:05 -0400, Michael Young wrote:
>
> > I'm really not out to be pedantic here. I think it really is
> > important to have clear rules for revocation. If multiple
> > certifications for a key or key/name are to be allowed, or are the
> > *recommended* way to update preferences/qualities, then it is
> > essential that a revocation be able to target the proper one.
>
> Of course, the trivial solution would be to assign a unique serial
> number to each certificate, and to include that serial number with
> the revocation.
> --
> Thomas Roessler http://log.does-not-exist.org/

This will require changing the sig format, or at least making a new subpacket for
the sernum.
Besides, it will not solve the problem of revoking current sigs, because they have
no such number.
I think it's enough to identify the sig by its creation time.
I don't think it's normal to have several sigs created at the same time,
and even if there are several sigs with the same creation time, well, they all
are revoked by a single revocation sig that refers to this creation time.
JMHO
== <EOF> ==
Disastry http://i.am/disastry/
http://disastry.dhs.org/pgp <----PGP plugins for Netscape and MDaemon
^--GPG for Win32 (supports loadable modules and IDEA)
^---PGP 2.6.3ia-multi04 (supports IDEA, CAST5, BLOWFISH, TWOFISH,
AES, 3DES ciphers and MD5, SHA1, RIPEMD160 hashes)
-----BEGIN PGP SIGNATURE-----
Version: 553ckt
iQA/AwUBO4yrWDBaTVEuJQxkEQKF0QCgwSGE5TRM0Rkw8RhJaLnY8xYApcYAn1FK
h3zPb45E1OLr2j2RRB6eOvfb
=uhIP
-----END PGP SIGNATURE-----
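
The creation-time rule proposed in this message, modelled as an added example (not code from the thread or from any OpenPGP implementation). The `target_created` field, the key IDs and the timestamps are constructed assumptions; the sample includes two certifications made in the same second to show the collision case the message accepts.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Cert:
    issuer: str       # key ID of the certifying key
    user_id: str      # user ID being certified
    created: int      # signature creation time, seconds since the epoch
    note: str = ""    # label for the preferences this certification carries

@dataclass(frozen=True)
class Revocation:
    issuer: str
    user_id: str
    target_created: int   # hypothetical field: creation time of the sig to revoke

def targets(rev, certs):
    """Certifications hit by a revocation under the creation-time rule.

    A match needs the same issuer, the same user ID and the same creation
    time, so existing signatures (which already carry a creation time but
    no serial number) can be targeted without a format change.
    """
    key = (rev.issuer, rev.user_id, rev.target_created)
    return [c for c in certs if (c.issuer, c.user_id, c.created) == key]

def is_ambiguous(rev, certs):
    """True when one revocation takes out more than one certification."""
    return len(targets(rev, certs)) > 1

def live_certs(certs, revs):
    """Certifications still standing after all revocations are applied."""
    revoked = {c for r in revs for c in targets(r, certs)}
    return [c for c in certs if c not in revoked]

# Constructed sample: one issuer updates preferences by re-certifying.
CERTS = [
    Cert("0xAAAA", "alice@example.org", 998000000, "prefs v1"),
    Cert("0xAAAA", "alice@example.org", 999000000, "prefs v2"),
    Cert("0xAAAA", "alice@example.org", 999000000, "prefs v2b"),  # same second
    Cert("0xBBBB", "alice@example.org", 998000000, "third party"),
]

if __name__ == "__main__":
    old = Revocation("0xAAAA", "alice@example.org", 998000000)
    clash = Revocation("0xAAAA", "alice@example.org", 999000000)
    print([c.note for c in targets(old, CERTS)])      # only the old cert
    print(is_ambiguous(clash, CERTS))                 # both same-second certs go
    print([c.note for c in live_certs(CERTS, [old, clash])])
```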