-----BEGIN PGP SIGNED MESSAGE-----
A while back, someone suggested a "revocation target" signature
subpacket for revocation signatures that would contain the hash of the
signature that was being revoked. That would fix this problem, but
I was that someone. I still think it's a good idea.
How can it possibly hurt to identify the exact signature
being revoked? It can't be the few extra bytes... it would
be a small fraction of the total, and revocations should be
Even if the current issue is resolved by removing the language
about designated revokers issuing certification revocations,
there are other ambiguities that this would solve. I think
it is quite valid for one key to sign something multiple times,
with a different: signature class; expiration time; notation;
preferred algorithm; or, almost any other optional subpacket.
Some have suggested using the timestamp to decide which
signatures a revocation covers, but others have objected.
I see no need to depend on timestamps -- the hash identifies
the signature perfectly.
When it last came up, Jon asked if anyone would implement it,
and Werner said he would not. Since my implementation is not
yet (and may never be) public, I didn't feel qualified to say "yes".
But I suppose that either David or I could implement it in
GnuPG, if Werner would pick up the change.
I'm not asking for this to be a MUST. Old revocations (and
even new V3 ones) will not have the subpacket, so no implementation
should depend on it. I'd suggest making it a SHOULD.
Any other supporters out there?
-----BEGIN PGP SIGNATURE-----
Version: PGP Personal Privacy 6.5.3
-----END PGP SIGNATURE-----