ietf-openpgp
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [openpgp] Revoking Keys: Adding a superceded-by parameter

2015-07-27 03:05:34
from [Kristian Fiskerstrand] [Permanent Link] 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

On 07/27/2015 08:22 AM, Werner Koch wrote:

On Sun, 26 Jul 2015 16:38, look@my.amazin.horse said:


As in, deprecate the subpacket?  Or move it towards notation
data?


The discussion was around the idea to deprecate the use of the
reason for revocation because it is pretty complicated to make real
use of it due to non-easy semantics.


I can think of at least one specific use case where this information
is needed. I'm somewhat ambivalent to whether this is given as
specific subpacket or a notation; if we were to implement it again the
latter would make sense, but not sure if it is worthwhile breaking
backwards compatibility for deprecating it.

Anyways, the use case is you have a revocation certificate as part of
the will and a copy is stored with the executor. The reason for
revocation states "This key is revoked by the Power of Attorney
granted to the executor of the Last Will and Testament of Y", and
likely contains a version identifier to be able to trace any non
sanctioned use.

Obviously you wouldn't give your attorney a copy of your private key,
but you do want them to be able to follow the instructions for
revoking and notifying the appropriate channels in the event a stone
falls in the back of your head.

The reason for revocation in this case at least should be a good
indicator to other holders of the key about the situation and provides
valuable information.

- -- 
- ----------------------------
Kristian Fiskerstrand
Blog: http://blog.sumptuouscapital.com
Twitter: @krifisk
- ----------------------------
Public OpenPGP key 0xE3EDFAE3 at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
- ----------------------------
Aut disce aut discede
Either learn or leave
-----BEGIN PGP SIGNATURE-----

iQEcBAEBCgAGBQJVteXcAAoJECULev7WN52FHKgH/0bi2Ezq1ls9DOU/Qq748p0/
44BcT5PC97X1uaqTkHV7pcb7azS5FUfnwdLIzy6wfWhce4L2jOqqho+sWl6Nq93G
LYMPsCFYRvGCu/+oOU2K0BDb3nT5azL0U94nQUQEreDLssl0R2MyrIcNApZZVyf4
9oP0Fjxy/5hIoPpAmri1JVvHLuC6G833h/MEo864bMNvV/cTh+VwwFVlCX+nKRR8
3dzzfD5l691ri/I9pZ5s7EhDo0KlqidUmv1VzLr0mkei7hWPKwUzy//308CkWO9w
Qh4YfOt20CFgtkKv/o0SM9NR8jlDWGBpjRCege1w+j3h19eS7oYbXbLqfWerKwY=
=9+ie
-----END PGP SIGNATURE-----

_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [openpgp] The DANE draft, Werner Koch
Next by Date:  Re: [openpgp] key distribition and IETF document status, Paul Wouters
Previous by Thread:  Re: [openpgp] Revoking Keys: Adding a superceded-by parameter, Werner Koch
Next by Thread:  [openpgp] User ID Packet: expand recommendation to include hostname, Neal H. Walfield
Indexes:  [Date] [Thread] [Top] [All Lists]