
Re: Revocation key difficulty

2002-02-26 16:38:50

On Tue, Feb 26, 2002 at 02:52:33PM -0800, Jon Callas wrote:

At 3:58 PM -0500 2/26/02, David Shaw wrote:

The problem with certificate revocations is that it is not possible in
some cases to know which certificate is being revoked.  For example,
take Alice, Bob, and Charlie.  Bob is Alice's designated revoker.
Alice and Bob have both signed Charlie's key.  Now Alice asks Bob to
revoke her signature on Charlie's key.

Since both Alice and Bob have signed Charlie's key, and the format of
a revocation that is issued by a designated revoker is the same as a
revocation issued by the key owner, the OpenPGP program has no way to
tell which certification is being revoked: is it Bob's or is it

Ummm, that's certificate revocation, not certification revocation. A PGP
certificate (a.k.a. key) contains a collection of certifications. It is
these certifications (colloquially key signatures) that determine a
certificate's validity.

A certificate revocation makes the certificate dead. It cancels the
*entire* certificate, regardless of anything else.

Well understood and agreed, but I really did mean what I said.  The
RFC says (section 5.2.1):

   0x30: Certification revocation signature
       This signature revokes an earlier user ID certification
       signature (signature class 0x10 through 0x13). It should be
       issued by the same key that issued the revoked signature or an
       authorized revocation key. The signature should have a later
       creation date than the signature it revokes.

Am I somehow misreading this?  To my eye, this says an authorized
revocation key can issue a genuine 0x30 *certification* revocation


David Shaw          |  Technical Lead
<dshaw(_at_)akamai(_dot_)com>  |  Enterprise Content Delivery
617-250-3028        |  Akamai Technologies
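An added illustration of the ambiguity David describes (example code, not from this thread or any OpenPGP implementation): a simplified model of the certifications on Charlie's key and a 0x30 revocation issued by Bob. The designated-revoker relation is assumed to come from a Revocation Key subpacket on Alice's key; all key IDs and timestamps are constructed.

```python
from dataclasses import dataclass

CERT_CLASSES = {0x10, 0x11, 0x12, 0x13}   # user ID certification classes
CERT_REVOCATION = 0x30                    # certification revocation class


@dataclass(frozen=True)
class Signature:
    sig_class: int
    issuer: str        # key ID of the signing key (constructed label)
    created: int       # creation time, seconds (constructed value)


def candidate_certifications(certs, revocation, designated_revokers):
    """Return every certification that `revocation` could legitimately revoke.

    Per RFC 2440 section 5.2.1 a 0x30 must come from the key that made the
    certification or from one of that key's authorized revocation keys, and
    must be newer than the certification it revokes.  Nothing in the 0x30
    names its target, so every certification meeting those constraints is a
    candidate.  `designated_revokers` maps a key ID to the set of key IDs
    authorized to revoke on its behalf (assumed to be taken from the
    Revocation Key subpacket).
    """
    if revocation.sig_class != CERT_REVOCATION:
        raise ValueError("not a certification revocation signature")
    out = []
    for cert in certs:
        if cert.sig_class not in CERT_CLASSES:
            continue
        authorized = {cert.issuer} | designated_revokers.get(cert.issuer, set())
        if revocation.issuer in authorized and revocation.created > cert.created:
            out.append(cert)
    return out


def ambiguous(certs, revocation, designated_revokers):
    """True when more than one certification could be the revocation's target."""
    return len(candidate_certifications(certs, revocation, designated_revokers)) > 1


# Constructed scenario: Alice and Bob both certified Charlie's user ID and
# Bob is Alice's designated revoker; Dave's certification is unrelated.
CHARLIE_CERTS = [
    Signature(0x13, "ALICE", created=1000),
    Signature(0x10, "BOB", created=1100),
    Signature(0x12, "DAVE", created=1200),
]
DESIGNATED_REVOKERS = {"ALICE": {"BOB"}}
BOB_REVOCATION = Signature(CERT_REVOCATION, "BOB", created=2000)

if __name__ == "__main__":
    for c in candidate_certifications(CHARLIE_CERTS, BOB_REVOCATION, DESIGNATED_REVOKERS):
        print(f"could revoke 0x{c.sig_class:02x} certification by {c.issuer}")
    print("ambiguous:", ambiguous(CHARLIE_CERTS, BOB_REVOCATION, DESIGNATED_REVOKERS))
```

With Bob as issuer the resolver finds both Alice's and Bob's certifications as candidates; if Alice issues the 0x30 herself, only her own certification qualifies.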