ietf-openpgp

Re: Revocability semantics

2008-01-17 07:28:17
Dear WG,

I am pretty sure that my interpretation of the standard is correct, but I
would like to
  a) have it confirmed and
  b) make it known to other implementers

The Revocable flag as specified by RFC4880, Section 5.2.3.12, when set to 0,
only forbids revocation by the issuer, but not by other revokers.

In particular, if a revocation key (5.2.3.15) is present in addition to the
above flag, it means that the designated revoker is allowed to revoke the
certificate, but the issuer is not.

The context is the implementation of IOU notes as self-signatures on PGP
public keys, so that the PKS infrastructure can be used for their
dissemination (and, thus, for credit reputation tracking). More on this at
the upcoming FC2008, in Cozumel. ;-)

-- 
Daniel

Attachment: signature.asc
Description: Digital signature
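
The reading described in the message above, as an added example (not part of the original post and not taken from any OpenPGP implementation): it parses a hashed signature subpacket area using the RFC 4880 Section 5.2.3.1 length encoding and reports who may revoke under that reading. The function names and sample bytes are constructed for illustration, and the message's interpretation is treated as an assumption, not as confirmed RFC semantics.

```python
import struct

REVOCABLE = 7         # RFC 4880, Section 5.2.3.12
REVOCATION_KEY = 12   # RFC 4880, Section 5.2.3.15

def iter_subpackets(area: bytes):
    """Yield (type, body) for each subpacket in a signature subpacket area."""
    i = 0
    while i < len(area):
        first = area[i]
        if first < 192:                       # one-octet length
            length, i = first, i + 1
        elif first < 255:                     # two-octet length
            if i + 2 > len(area):
                raise ValueError("truncated subpacket length")
            length, i = ((first - 192) << 8) + area[i + 1] + 192, i + 2
        else:                                 # 0xFF + four-octet length
            if i + 5 > len(area):
                raise ValueError("truncated subpacket length")
            length, i = struct.unpack(">I", area[i + 1:i + 5])[0], i + 5
        if length < 1 or i + length > len(area):
            raise ValueError("malformed subpacket")
        # The length covers the type octet; its top bit is the critical flag.
        yield area[i] & 0x7F, area[i + 1:i + length]
        i += length

def permitted_revokers(hashed_area: bytes) -> dict:
    """Apply the reading stated in the message (an assumption, not RFC text)."""
    issuer_may_revoke = True                  # no Revocable subpacket: revocable
    designated = []
    for sp_type, body in iter_subpackets(hashed_area):
        if sp_type == REVOCABLE:
            if len(body) != 1:
                raise ValueError("Revocable body must be one octet")
            issuer_may_revoke = body[0] != 0
        elif sp_type == REVOCATION_KEY:
            # class octet, public-key algorithm ID, 20-octet fingerprint
            if len(body) != 22 or not body[0] & 0x80:
                raise ValueError("malformed Revocation Key subpacket")
            designated.append(body[2:].hex())
    return {"issuer": issuer_may_revoke, "designated": designated}

# Constructed sample: Revocable = 0, plus one revocation key (algorithm 17, DSA)
FPR = bytes(range(20))                        # constructed fingerprint
SAMPLE = bytes([2, REVOCABLE, 0]) + bytes([23, REVOCATION_KEY, 0x80, 17]) + FPR

if __name__ == "__main__":
    print(permitted_revokers(SAMPLE))
```

A verifier following this reading would drop a later revocation made by the issuer key and still accept one made by a key whose fingerprint appears in `designated`.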
