On Thu, Jan 17, 2008 at 02:49:10PM +0100, Daniel A. Nagy wrote:
Dear WG,
I am pretty sure that my interpretation of the standard is correct, but I
would like to
a) have it confirmed and
b) make it known to other implementers
The Revoacble flag as specified by RFC4880, Section 5.2.3.12, when set to 0,
only forbids revocation by the issuer, but not by other revokers.
In particular, if a revocation key (5.2.3.15) is present in addition to the
above flag, it means that the designated revoker is allowed to revoke the
certificate, but the issuer is not.
Unless I misunderstand what you are suggesting, I think my reading of
the standard says otherwise. Specifically, if the revocable flag is
set to 'no', that means nobody (be they the issuer or designated
revoker) can revoke.
Take this scenario: Alice has a key and sets Baker and Charlie as
designated revokers. If revokers other than the issuer were allowed
to revoke signatures marked as irrevocable, then Baker could revoke
Charlie's designated revoker status. For that matter, Baker could
revoke his *own* designated revoker status.
David