ietf-openpgp
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [openpgp] [RFC4880bis PATCH] Deprecate "Revocation Key", replacing with full-key "Designated Revoker"

2019-08-05 12:45:41
from [Werner Koch] [Permanent Link] 
On Wed, 31 Jul 2019 16:34, dkg(_at_)fifthhorseman(_dot_)net said:

The "revocation key" subpacket is problematic.  It is the the most
fragile piece of the specification wrt the fingerprint (collisions
against a fingerprint can create surprising revocation effects).  And


With the move to v5 keys this will be solved en-passant.


replaces it with a "designated revoker" subpacket that includes the
full key, rather than the fingerprint.


I view this as problematic in the light of our preparations to allow for
larger key material.  With PQC we may need megabyte large keys and then
including an entire key would double the size of a keyblock.


Shalom-Salam,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.

Attachment: signature.asc
Description: PGP signature

_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [openpgp] [RFC4880bis PATCH] Deprecate "Revocation Key", replacing with full-key "Designated Revoker", Daniel Kahn Gillmor
Next by Date:  Re: [openpgp] [RFC4880bis PATCH] Deprecate "Revocation Key", replacing with full-key "Designated Revoker", vedaal
Previous by Thread:  Re: [openpgp] [RFC4880bis PATCH] Deprecate "Revocation Key", replacing with full-key "Designated Revoker", Daniel Kahn Gillmor
Next by Thread:  Re: [openpgp] [RFC4880bis PATCH] Deprecate "Revocation Key", replacing with full-key "Designated Revoker", vedaal
Indexes:  [Date] [Thread] [Top] [All Lists]