ietf-openpgp

Re: Identifying revoked certificates

2001-09-06 19:54:31

-----BEGIN PGP SIGNED MESSAGE-----

From: "Jon Callas" <jon(_at_)callas(_dot_)org>
 that they use order of arrival.  [Just the same, would anyone object
 to suggesting this ordering in section 10?]

Yes. A change to the standard that requires all the implementations to
change is not desirable. I don't see what good it does for them other than,
"You'll thank me for this later." Telling them how to write their programs
adds complexity, and complexity lessens security.

I didn't intend to *require* any ordering, only to *suggest* one,
and only for interchange.

Your principle would argue for eliminating all of the ordering rules.
Why should userIDs precede subkeys?  (For that matter, why should
signatures have to follow the key/userid/subkey to which they
refer -- an implementation *could* always try them all :-).  Ordering
helps receivers match things up.

All that said, I'll retract my suggestion.  It was just a hint,
but as we both noted, matching using the hash is pretty
straightforward, and is dwarfed by the PK verification
anyway.  Sorry for the excursion.


-----BEGIN PGP SIGNATURE-----
Version: PGP Personal Privacy 6.5.3

-----END PGP SIGNATURE-----