ietf-openpgp

Re: Series of minor questions about OpenPGP 4

2009-01-29 16:06:15

On Thu, Jan 29, 2009 at 07:42:59PM +0100, Peter Thomas wrote:

What if I'd revoke the old self-signatures to mark them clearly as
superseded and to force ANY conforming OpenPGP implementation not to
use them.
0x10-0x13 self-sigs could be revoked with a 0x30 certification
revocation signature
0x18 self-sigs could be revoked with a 0x28 subkey revocation signature
0x1F: which one would I have to use for that? A 0x20 key revocation
signature? Or would that completely revoke the whole key?

You revoke a 0x1F with a 0x30, same as you would use to revoke a
0x10-0x13.  0x1F is a certification.

Does the whole thing make sense anyway? I mean would it be a clean or
at least working way to force ANY implementation to use only the most
recent self-signatures?

I suspect it wouldn't hurt, but wouldn't help much either.  For
example, given this:

  Signature === January 1
  Signature === January 3
  Signature === January 5

it is clear that the January 5 signature is the latest and the one to
use.  Given this:

  Signature  === January 1
  Revocation === January 2
  Signature  === January 3
  Revocation === January 4
  Signature  === January 5

It's still clear which signature is the right one.

I suppose if you had an implementation that insisted on using the
first signature, regardless of the date, then the revocations would
force it to look at the last signature... but then, an implementation
that did that may have other odd semantics elsewhere.  It may conclude
that there is no signature at all (after all, the one signature it was
looking at is revoked).

Would it work with the major implementations, PGP and GnuPG?

It would work in GnuPG.

David
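The selection logic discussed in this reply, as an added example that is not part of the thread: it models the two signature sequences above and runs both a date-based picker and the hypothetical "use the first signature" picker over them. The "newest packet wins" rule and the naive picker are simplifying assumptions for illustration, not the documented behaviour of GnuPG or PGP; only the signature type codes come from RFC 4880.

```python
from dataclasses import dataclass
from datetime import date

# Signature type codes from RFC 4880 section 5.2.1.
CERTIFICATION_TYPES = {0x10, 0x11, 0x12, 0x13, 0x1F}  # revoked by 0x30
SUBKEY_BINDING = 0x18                                 # revoked by 0x28
REVOCATION_TYPES = {0x28, 0x30}


def revocation_type_for(sig_type):
    """Return the signature type that revokes a self-signature of sig_type."""
    if sig_type in CERTIFICATION_TYPES:
        return 0x30
    if sig_type == SUBKEY_BINDING:
        return 0x28
    raise ValueError(f"no revocation type for 0x{sig_type:02X}")


@dataclass(frozen=True)
class Sig:
    sig_type: int
    created: date


def select_latest(sigs):
    """Assumed model: the newest self-signature is the one to use, and the
    binding counts as revoked only if the newest packet overall is a
    revocation.  Returns (chosen_sig_or_None, revoked)."""
    ordered = sorted(sigs, key=lambda s: s.created)
    selfsigs = [s for s in ordered if s.sig_type not in REVOCATION_TYPES]
    if not selfsigs:
        return None, False
    return selfsigs[-1], ordered[-1].sig_type in REVOCATION_TYPES


def select_first_naive(sigs):
    """Model of the hypothetical implementation from the message: it takes the
    oldest self-signature, honours a later revocation of that one signature,
    and then reports no usable signature instead of looking further."""
    ordered = sorted(sigs, key=lambda s: s.created)
    first = next((s for s in ordered if s.sig_type not in REVOCATION_TYPES), None)
    if first is None:
        return None, False
    revoked = any(s.sig_type == revocation_type_for(first.sig_type)
                  and s.created > first.created for s in ordered)
    return (None, True) if revoked else (first, False)


# Constructed sample data mirroring the two sequences in the message (0x13 self-sigs).
SEQ_PLAIN = [Sig(0x13, date(2009, 1, d)) for d in (1, 3, 5)]
SEQ_REVOKED = [Sig(0x13, date(2009, 1, 1)), Sig(0x30, date(2009, 1, 2)),
               Sig(0x13, date(2009, 1, 3)), Sig(0x30, date(2009, 1, 4)),
               Sig(0x13, date(2009, 1, 5))]
```

Both pickers agree on the first sequence; on the second the date-based picker still chooses January 5, while the naive picker sees its January 1 choice revoked and returns nothing, which is the failure mode the reply warns about.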