ietf-openpgp

bis04: revocation key nits

2002-04-17 17:49:21

Hi everyone,

I'd like to raise two items for possible inclusion in bis05.  These
came up while implementing designated revoker functionality in GnuPG.

The first item is that there is no way to revoke a 0x1F signature.
Since the designated revoker information is contained in an 0x1F
signature, this means that once a user designates a designated
revoker, the user cannot later undo the designation if circumstances
change.

I'd like to request a new signature class to indicate a 0x1F
revocation or an expansion of the meaning of one of the existing
revocation signature classes to include 0x1F signatures.

The second item is one I raised in February.  Briefly, the draft
indicates that a designated revoker is allowed to issue three types of
revocations: key revocations (0x20), subkey revocations (0x28), and
certification revocations (0x30).  The problem happens if a user is
both a designated revoker for someone who has signed a given key, as
well as a regular signer for the same given key.  In this case, there
is no way to tell the difference between a certification revocation
issued by the user in his capacity as designated revoker, and a
certification revocation issued by the user in his capacity as
himself.

For example, take Alice, Bob, and Charlie.  Bob is Alice's designated
revoker.  Alice and Bob have both certified Charlie's key.  Now Alice
asks Bob to revoke her certification of Charlie's key.

Since both Alice and Bob have certified Charlie's key, and the format
of the certificate revocation (0x30) that Bob issues is the same
whether he is acting for himself or acting as Alice's designated
revoker, the OpenPGP program has no way to tell which certification is
being revoked: is it Bob's or is it Alice's?

I don't know what the best solution for this is.  Probably the
simplest solution is to only allow designated revokers to issue key
revocations (0x20 and possibly 0x28) and not 0x30 certification
revocations.  Michael Young suggested a "revocation target" signature
subpacket for use in revocations.  That would work as well.

For what it's worth, neither PGP nor GnuPG currently allows designated
revokers to issue 0x28 subkey or 0x30 certification revocations.

David

-- 
   David Shaw  |  dshaw(_at_)jabberwocky(_dot_)com  |  WWW 
http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
   "There are two major products that come out of Berkeley: LSD and UNIX.
      We don't believe this to be a coincidence." - Jeremy S. Anderson
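
The Alice/Bob/Charlie ambiguity from the message above, modelled as an added example (not part of the original post and not GnuPG or PGP code). Signatures are reduced to class, issuer and target, short names stand in for key IDs, and the `designated_may_issue_0x30` switch is a hypothetical name for the restriction the message proposes.

```python
from dataclasses import dataclass

CERT, DIRECT_KEY, CERT_REVOKE = 0x10, 0x1F, 0x30  # OpenPGP signature classes

@dataclass(frozen=True)
class Sig:
    sig_class: int
    issuer: str        # signer; short names stand in for key IDs (assumption)
    target: str        # key the signature is attached to
    revoker: str = ""  # 0x1F only: the designated revoker it names

def designated_revokers(sigs, key):
    """Revokers that `key` has named in 0x1F signatures on itself."""
    return {s.revoker for s in sigs
            if s.sig_class == DIRECT_KEY and s.issuer == s.target == key and s.revoker}

def candidates(sigs, rev, designated_may_issue_0x30=True):
    """Certifications on rev.target that the 0x30 `rev` could be revoking."""
    found = []
    for s in sigs:
        if s.sig_class != CERT or s.target != rev.target:
            continue
        if s.issuer == rev.issuer:
            found.append((s.issuer, "issuer's own certification"))
        elif designated_may_issue_0x30 and rev.issuer in designated_revokers(sigs, s.issuer):
            found.append((s.issuer, "issued as designated revoker"))
    return found

# Constructed keyring matching the example in the message.
KEYRING = [
    Sig(DIRECT_KEY, "alice", "alice", revoker="bob"),  # Bob is Alice's designated revoker
    Sig(CERT, "alice", "charlie"),
    Sig(CERT, "bob", "charlie"),
]
BOB_REVOCATION = Sig(CERT_REVOKE, "bob", "charlie")

if __name__ == "__main__":
    # As drafted: two candidates, so the revocation is ambiguous.
    print(candidates(KEYRING, BOB_REVOCATION))
    # Designated revokers limited to key revocations: only Bob's own certification.
    print(candidates(KEYRING, BOB_REVOCATION, designated_may_issue_0x30=False))
```
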
