ietf-openpgp

Re: Revocation key difficulty

2002-02-28 13:25:22

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

From: "David Shaw" <dshaw(_at_)akamai(_dot_)com>
> Even though the standard allows for more, as far as I know, the only
> implementation that does designated revokers is PGP, and it does only
> full key revocations (0x20).  GnuPG will start doing designated

A while back, I tested a third-party scenario: (Alice's designated
revoker) Bob revokes Alice's signature of Charlie's key/name.  Not only
would PGP not let Bob generate a revocation for a certification
(unless Bob had also signed Alice's key himself), but it wouldn't
recognize one that I manually injected.  I don't recall trying
to revoke a self-signature: Bob revokes one of Alice's names (not the key).

Another aspect I didn't test is what PGP does when the designated
revoker's key is not available.  I suppose it could check for
revocations with a matching "issuer" hint.  (Anyone who could tweak
the hint could destroy the revocation just as easily anyway.)
Does it?  If there is a match (but no key), what is the validity decision?

> You'd want a company key to be designated revoker for everyone, but
> storing and keeping track of thousands of revocations is a pain.

Yes, but some pain is required.  Something still has to hold onto the
keys themselves, specifically the designated revoker subpackets.
Otherwise, a user could throw away the designation.  I think I'd have
enhanced the corporate (key) server rather than complicating the
client validity checking.  But the whole V4 upgrade (especially
the "placeholder for backward compatibility" :-) required changes
to client understanding; in for a penny, in for a pound, I suppose.

Anyway, sorry to poke at a dead horse... I'll let it go, now.

-----BEGIN PGP SIGNATURE-----
Version: PGP Personal Privacy 6.5.3

iQA/AwUBPH6R9FMkvpTT8vCGEQI47ACgyMoAd8IWgAFhTwjmc798XoFa3E0AnRv0
5T0Q6Y7gUv60fQY27hWG+MnG
=dpV9
-----END PGP SIGNATURE-----
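The post raises two structural questions: how a client decides whether a third-party revocation comes from a key the owner actually named as a designated revoker, and what it can conclude when the issuer hint matches but the revoker's key is not on hand. The following is an added example, not code from the post and not PGP or GnuPG code. It hand-builds the two OpenPGP subpackets involved (Revocation Key, type 12, carried in the owner's self-signature, and Issuer, type 16, carried on the revocation signature), parses them back, and returns a verdict for each situation. The key names, fingerprints (SHA-1 of a label, standing in for real V4 fingerprints), the keyring dictionary, and the `Verdict` categories are all constructed for illustration; the restriction to signature type 0x20 mirrors the behaviour the post reports rather than anything the standard requires, and the cryptographic verification that would follow a `CHECK_SIGNATURE` verdict is deliberately out of scope.

```python
"""Model of the designated-revoker check discussed in the post (constructed example)."""
import hashlib
import struct
from enum import Enum

REVOCATION_KEY_SUBPACKET = 12   # RFC 2440 section 5.2.3.15: class, algid, 20-octet fingerprint
ISSUER_SUBPACKET = 16           # RFC 2440 section 5.2.3.5: 8-octet key ID
KEY_REVOCATION_SIG = 0x20       # the one revocation type the post says PGP handles


def fingerprint(label: str) -> bytes:
    """Constructed 20-octet stand-in for a V4 fingerprint (not a real key)."""
    return hashlib.sha1(label.encode()).digest()


def key_id(fpr: bytes) -> bytes:
    """A V4 key ID is the low 64 bits of the fingerprint."""
    return fpr[-8:]


def subpacket(sptype: int, body: bytes) -> bytes:
    """Encode one signature subpacket using the one-octet length form."""
    assert len(body) + 1 < 192, "one-octet length form only"
    return bytes([len(body) + 1, sptype]) + body


def parse_subpackets(data: bytes):
    """Yield (type, body) pairs from a signature subpacket area."""
    i = 0
    while i < len(data):
        first = data[i]
        if first < 192:
            length, i = first, i + 1
        elif first < 255:
            length, i = ((first - 192) << 8) + data[i + 1] + 192, i + 2
        else:
            length, i = struct.unpack(">I", data[i + 1:i + 5])[0], i + 5
        # high bit of the type octet is the "critical" flag; mask it off
        yield data[i] & 0x7F, data[i + 1:i + length]
        i += length


def revocation_key_subpacket(revoker_fpr: bytes, sensitive: bool = False) -> bytes:
    """Revocation Key body: class octet (0x80 must be set, 0x40 = sensitive), algid, fingerprint."""
    klass = 0x80 | (0x40 if sensitive else 0)
    return subpacket(REVOCATION_KEY_SUBPACKET, bytes([klass, 17]) + revoker_fpr)  # 17 = DSA


def designated_revokers(selfsig_hashed: bytes) -> list:
    """Fingerprints the key owner named as designated revokers in the self-signature."""
    fprs = []
    for sptype, body in parse_subpackets(selfsig_hashed):
        if sptype == REVOCATION_KEY_SUBPACKET and len(body) == 22 and body[0] & 0x80:
            fprs.append(body[2:])
    return fprs


def issuer_hint(sig_subpackets: bytes):
    """The 8-octet issuer key ID on a signature, or None if absent."""
    for sptype, body in parse_subpackets(sig_subpackets):
        if sptype == ISSUER_SUBPACKET and len(body) == 8:
            return body
    return None


class Verdict(Enum):
    WRONG_SIG_TYPE = "not a 0x20 key revocation; ignored"
    NO_ISSUER_HINT = "no issuer subpacket; cannot route to a revoker"
    NOT_DESIGNATED = "issuer is not a designated revoker; ignored"
    REVOKER_KEY_MISSING = "issuer matches a designated revoker, but that key is not on the keyring"
    CHECK_SIGNATURE = "issuer matches and key is present; verify the signature"


def evaluate_revocation(selfsig_hashed: bytes, sig_type: int,
                        sig_subpackets: bytes, keyring: dict) -> Verdict:
    """Decide what a client can conclude from a third-party revocation signature.

    keyring maps 8-octet key IDs to the 20-octet fingerprints of keys the client holds.
    """
    if sig_type != KEY_REVOCATION_SIG:
        return Verdict.WRONG_SIG_TYPE
    hint = issuer_hint(sig_subpackets)
    if hint is None:
        return Verdict.NO_ISSUER_HINT
    matching = [f for f in designated_revokers(selfsig_hashed) if key_id(f) == hint]
    if not matching:
        return Verdict.NOT_DESIGNATED
    # The hint alone proves nothing (the post notes it is trivially tweakable); the
    # signature must be checked against a locally held key whose full fingerprint matches.
    if keyring.get(hint) not in matching:
        return Verdict.REVOKER_KEY_MISSING
    return Verdict.CHECK_SIGNATURE


# Constructed scenario: Alice names Bob as designated revoker in her self-signature.
BOB_FPR, MALLORY_FPR = (fingerprint(n) for n in ("bob", "mallory"))
ALICE_SELFSIG_HASHED = revocation_key_subpacket(BOB_FPR)
BOB_REVOCATION = subpacket(ISSUER_SUBPACKET, key_id(BOB_FPR))
MALLORY_REVOCATION = subpacket(ISSUER_SUBPACKET, key_id(MALLORY_FPR))

if __name__ == "__main__":
    for name, ring in (("empty keyring", {}), ("Bob's key present", {key_id(BOB_FPR): BOB_FPR})):
        verdict = evaluate_revocation(ALICE_SELFSIG_HASHED, KEY_REVOCATION_SIG, BOB_REVOCATION, ring)
        print(f"{name}: {verdict.value}")
```

The `REVOKER_KEY_MISSING` verdict is the case the post asks about: the client can see that the issuer hint names a designated revoker, but without Bob's key it cannot verify the signature, so the only honest answer is "unverifiable", and whether the key is then treated as still valid or as suspect is a policy choice the client has to make explicitly rather than something the packets decide.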