ietf-openpgp

Re: Revocation key difficulty

2002-02-26 15:52:54

At 3:58 PM -0500 2/26/02, David Shaw wrote:

> The problem with certificate revocations is that it is not possible in
> some cases to know which certificate is being revoked.  For example,
> take Alice, Bob, and Charlie.  Bob is Alice's designated revoker.
> Alice and Bob have both signed Charlie's key.  Now Alice asks Bob to
> revoke her signature on Charlie's key.
>
> Since both Alice and Bob have signed Charlie's key, and the format of
> a revocation that is issued by a designated revoker is the same as a
> revocation issued by the key owner, the OpenPGP program has no way to
> tell which certification is being revoked: is it Bob's or is it
> Alice's?

Ummm, that's certificate revocation, not certification revocation. A PGP
certificate (a.k.a. key) contains a collection of certifications. It is
these certifications (colloquially key signatures) that determine a
certificate's validity.

A certificate revocation makes the certificate dead. It cancels the
*entire* certificate, regardless of anything else.

Here's a scenario like yours:

Alice and Bob have both signed Charlie's key. Alice is also a designated
revoker on Charlie's key. When Alice issues a certificate revocation for
Charlie's key (a.k.a. certificate), then Charlie's key is revoked. It is an
ex-certificate and has joined the Choir Eternal. It has ceased to be. It no
longer matters that Bob signed Charlie's key. It no longer matters that
David through Zelda inclusive have signed it. It is no longer valid. This is
just like what would happen if Charlie issued that revocation himself.

Now, then, there are some unresolved issues related to this. Is the
contract that Bob signed two years ago with me now suddenly void? I think
not. There are, however, people I respect who think it is. But that's a
different discussion.

        Jon
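To make the two notions concrete, here is a toy model of the scenarios in this exchange. It is an added illustration, not code from the list or from any OpenPGP implementation; the signature type codes (0x10 certification, 0x20 key revocation, 0x30 certification revocation) are the OpenPGP ones, while the names, the `revoker_of` map and the two scenario functions are constructed for the example.

```python
from dataclasses import dataclass, field

# OpenPGP signature types used in this toy model (added illustration)
CERTIFICATION, KEY_REVOCATION, CERT_REVOCATION = 0x10, 0x20, 0x30

@dataclass
class Sig:
    sigtype: int
    issuer: str  # a name stands in for the issuer key ID

@dataclass
class Cert:
    owner: str
    revokers: set = field(default_factory=set)  # designated revokers of this key
    sigs: list = field(default_factory=list)

def is_revoked(cert):
    """Jon's point: a key revocation from the owner or a designated revoker
    kills the whole certificate, whoever else certified it."""
    return any(s.sigtype == KEY_REVOCATION and s.issuer in cert.revokers | {cert.owner}
               for s in cert.sigs)

def valid_certifications(cert):
    """Certifications that still count; none at all once the cert is dead."""
    if is_revoked(cert):
        return []
    return [s.issuer for s in cert.sigs if s.sigtype == CERTIFICATION]

def revocation_targets(cert, revocation, revoker_of):
    """David's problem: a certification revocation names only its issuer, so it
    could cancel the issuer's own certification or any certification whose
    signer listed the issuer as designated revoker (revoker_of: owner -> set)."""
    assert revocation.sigtype == CERT_REVOCATION
    return [s.issuer for s in cert.sigs if s.sigtype == CERTIFICATION
            and (s.issuer == revocation.issuer
                 or revocation.issuer in revoker_of.get(s.issuer, set()))]

def jons_scenario():
    """Alice is Charlie's designated revoker and revokes Charlie's key."""
    charlie = Cert("Charlie", revokers={"Alice"},
                   sigs=[Sig(CERTIFICATION, "Alice"), Sig(CERTIFICATION, "Bob")])
    charlie.sigs.append(Sig(KEY_REVOCATION, "Alice"))
    return is_revoked(charlie), valid_certifications(charlie)  # (True, [])

def davids_scenario():
    """Bob, Alice's designated revoker, revokes 'a' certification on Charlie's key."""
    charlie = Cert("Charlie", sigs=[Sig(CERTIFICATION, "Alice"), Sig(CERTIFICATION, "Bob")])
    return revocation_targets(charlie, Sig(CERT_REVOCATION, "Bob"), {"Alice": {"Bob"}})
```

`jons_scenario()` shows every certification on the key dropping out at once, while `davids_scenario()` returns both Alice and Bob as possible targets, which is exactly the ambiguity David describes.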