[Top] [All Lists]

Re: Revocation key difficulty

2002-02-26 16:22:43

From: John Dlugosz

A while back, someone suggested a "revocation target" signature
subpacket for revocation signatures that would contain the hash of the
signature that was being revoked.  That would fix this problem, but
I'm open to any solution - does it even make sense to allow a
revocation key to issue certificate revocations?  I always thought of
the revocation key as the "revoker of last resort" - more for
emergency key revocations in case of compromise or secret key loss
than for fine-grained control of previously issued signatures.

Hmm, so how would it be used?  Alice had signed Charlie's key, and now
Alice's key is compromised, so Bob decides to remove Alice's signature from
Charlie's key.  Why?  Well, perhaps Alice is a manager and Charlie is an
employee, and Bob is the tech doing all the work.  Bob is cleaning all the
underling's keys and doesn't want to ask Alice to get involved, or maybe
she is out of reach.

So, why is it necessary to remove Alice's signature from Charlie's key?
Anyone who verifies Charlie's key will see that Alice's has been revoked
and will know to ignore it.  If you're going to distribute this
second-party revokation of signatures, why not just send out a generic
"Alice's key is bad" revokation, and that implies that it ought to be
removed from certificates too?