ietf-openpgp

Re: Revocability semantics

2008-01-19 10:10:04

On Jan 19, 2008, at 2:57 AM, Daniel A. Nagy wrote:

> David seems to be right about the fact that currently, there is no
> distinction between key-revokers and certification revokers. However, since
> this functionality is not in wide use yet, I would suggest to make the
> following somewhat backwards-compatible change: The revocation key
> subpacket authorizes revocations only for the subject of the certificate
> in which it has been included. Thus, if it is a certificate directly on a
> key, it allows the designated revoker to revoke the key. If it is in a
> key-uid binding certificate, it allows the designated revoker to revoke
> that particular key-uid binding.

I would be okay with this. Putting the designated revoker subpacket in the certificate to indicate that it may be designated-revoked quite neatly gives the issuer the power to choose, which is what I was concerned about earlier.

> Alternatively, we could add a new subpacket type with this
> semantics, and leave 5.2.3.15 as it is.

Obviously, I'm okay with that as well.

A mild benefit for plan "A" is a great deal of flexibility, as the issuer could choose on a per-certificate basis which should be designated-revokable or not. It would tend to make certificates a bit larger, though, as they'd have to carry a designated-revoker subpacket.

David
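
The scoping rule proposed in this thread, sketched as an added example that is not part of the original messages or of any OpenPGP implementation. It is a simplified model: the `Sig` class, `revocation_authorized` and the fingerprints are hypothetical, and no packet parsing or signature verification is done.

```python
from dataclasses import dataclass
from typing import Optional

# Signature type octets from RFC 4880, section 5.2.1.
DIRECT_KEY = 0x1F                        # certificate directly on a key
UID_BINDINGS = {0x10, 0x11, 0x12, 0x13}  # key-uid binding certificates
KEY_REVOCATION, CERT_REVOCATION = 0x20, 0x30

@dataclass(frozen=True)
class Sig:                               # hypothetical model, not a packet parser
    sig_type: int
    signer: str                          # fingerprint of the signing key
    key: str                             # fingerprint of the key signed over
    uid: Optional[str] = None            # None when directly on a key
    revokers: frozenset = frozenset()    # from revocation key subpackets

def revocation_authorized(rev: Sig, certs: list) -> bool:
    """Proposed rule: a revocation key subpacket authorizes revoking only
    the subject of the certificate that carries it."""
    if rev.sig_type == KEY_REVOCATION and rev.signer == rev.key:
        return True                      # owner revoking their own key
    for cert in certs:
        if (cert.key, cert.uid) != (rev.key, rev.uid):
            continue                     # subpacket covers only its own subject
        if rev.sig_type == KEY_REVOCATION:
            # Only a self-issued certificate directly on the key counts.
            self_issued = cert.sig_type == DIRECT_KEY and cert.signer == cert.key
            if self_issued and rev.signer in cert.revokers:
                return True
        elif rev.sig_type == CERT_REVOCATION and cert.sig_type in UID_BINDINGS:
            # The issuer itself, or a revoker it named in this certificate.
            if rev.signer in (cert.signer, *cert.revokers):
                return True
    return False

# Constructed sample: placeholder fingerprints, not real keys.
ALICE, REV_K, REV_U = "AAAA", "BBBB", "CCCC"
CERTS = [
    Sig(DIRECT_KEY, ALICE, ALICE, revokers=frozenset({REV_K})),
    Sig(0x13, ALICE, ALICE, "alice@example.org", frozenset({REV_U})),
    Sig(0x13, ALICE, ALICE, "alice@example.net"),
]

if __name__ == "__main__":
    for who in (REV_K, REV_U):
        key_ok = revocation_authorized(Sig(KEY_REVOCATION, who, ALICE), CERTS)
        uid_ok = revocation_authorized(
            Sig(CERT_REVOCATION, who, ALICE, "alice@example.org"), CERTS)
        print(who, "may revoke key:", key_ok, "| may revoke uid binding:", uid_ok)
```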
