[Top] [All Lists]

Revocation target subpacket (Re: What's left before a new RFC?)

2002-04-17 17:22:21

Hash: SHA1

From: "Jon Callas" <jon(_at_)callas(_dot_)org>
I know of no other desired changes. I would like bis-05 to be Penultimate
Call. Does anyone object?

I still desire a "revocation target" subpacket to identify the
specific signature being revoked: (add:)
       31 = revocation identification Revocation identification
        (1 octet PK algorithm)
        (1 octet hash algorithm)
        (N octets hash)

where the N octets are the hash from the signature being revoked.

My original suggestion did not include the PK algorithm field.
Jon Callas added that in his revised sketch.  I don't feel a need
for it, but I won't object, either.

David Shaw also suggested including the timestamp from the revocation
packet, to allow a blazingly fast comparison.  Again, I could live
with or without this.

Without the ability to revoke a specific signature, I strongly object
to multiple self-signatures being interpreted "any way it sees fit".
Yes, there's a RECOMMENDED behavior, and that may be the best we can
hope for in old implementations.  It's sad to suggest that when
conversing among new implementations, a key owner cannot update its
self-signature in a clear and unambiguous way.  But a revocation
target would satisfy my objection.  There may be other solutions to
this specific problem, such as a "supercedes" subpacket, but I don't
think they're as generally powerful or useful.

Note that I would not limit the use of this subpacket to self-signatures.
I think it would be equally meaningful for ordinary certifications,
to disambiguate between signatures with different subpackets (e.g.,
notation, trust limits, policy) or classes (e.g., 0x10 through 0x13).

Version: PGP Personal Privacy 6.5.3