On 8/22/2019 at 6:03 PM, "Daniel Kahn Gillmor"
<dkg(_at_)fifthhorseman(_dot_)net> wrote:
On Thu 2019-08-22 17:08:44 -0400, Daniel Kahn Gillmor wrote:
* introduce augmentation to TPK for third-party certification
revocation distribution
A concrete example:
- Alice is a popular and well-respected certifier.
- Bob meets Alice and they exchange fingerprints. Alice certifies
Bob's identity, and Bob attests to Alice's 3rd-party certification,
shipping it with his OpenPGP certificate.
- They go their separate ways.
- Later, Alice learns from a reliable source that Bob's OpenPGP
secret key material has fallen into the hands of Eve, or that Bob was
not who he claimed to be, or whatever. She decides to revoke her
certification, and she tries to reach Bob but he is
uncontactable.
=====
What if the third-party signature just had an 'expiration' option?
(e.g. Signature validity: 0, forever; 1, 1 year; n, n years)
This allows for 'expiration' of validation in the event of possible compromise,
and if it is not compromised, then the signer can 're-sign'/'update' the
certification and send it to the key owner, who can then upload it to the server.
vedaal
_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp
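An added worked example (editor's illustration, not code from the thread or from any OpenPGP implementation) of the expiring-certification idea in the reply above. OpenPGP signatures already carry a slot for it: the Signature Expiration Time subpacket (type 3) in the hashed area, stored as seconds after the Signature Creation Time subpacket (type 2), with zero meaning "never expires" (RFC 4880 section 5.2.3). The code below builds and parses that subpacket area, checks whether Alice's certification of Bob is still in force at a given time, and shows the re-sign step (a fresh creation time, same validity window) that keeps an uncompromised certification alive. The validity periods, timestamps and the helper names are assumptions chosen for the example.

```python
import struct

# Subpacket types from RFC 4880 section 5.2.3.1
SIG_CREATION_TIME = 2    # 4-octet time of signature creation
SIG_EXPIRATION_TIME = 3  # 4-octet seconds after creation; 0 = never

YEAR = 365 * 86400       # assumed "1 year" granularity for the validity option


def encode_subpacket(sp_type, body):
    """Serialize one subpacket using the one-octet length form (< 192)."""
    length = 1 + len(body)  # the length covers the type octet plus the body
    if length >= 192:
        raise ValueError("only the one-octet length form is handled here")
    return bytes([length, sp_type]) + body


def build_hashed_area(created, validity_seconds):
    """Hashed subpacket area for a certification: creation time plus optional expiry.

    validity_seconds == 0 means "forever" (no expiration subpacket is emitted)."""
    area = encode_subpacket(SIG_CREATION_TIME, struct.pack(">I", created))
    if validity_seconds:
        area += encode_subpacket(SIG_EXPIRATION_TIME, struct.pack(">I", validity_seconds))
    return area


def parse_hashed_area(area):
    """Walk a subpacket area and return {type: body}, handling all three length forms."""
    subpackets = {}
    i = 0
    while i < len(area):
        first = area[i]
        if first < 192:
            length, i = first, i + 1
        elif first < 255:
            length = ((first - 192) << 8) + area[i + 1] + 192
            i += 2
        else:
            length = struct.unpack(">I", area[i + 1:i + 5])[0]
            i += 5
        sp_type = area[i] & 0x7F          # high bit is the "critical" flag
        subpackets[sp_type] = area[i + 1:i + length]
        i += length
    return subpackets


def creation_time(area):
    return struct.unpack(">I", parse_hashed_area(area)[SIG_CREATION_TIME])[0]


def expiry_seconds(area):
    body = parse_hashed_area(area).get(SIG_EXPIRATION_TIME)
    return struct.unpack(">I", body)[0] if body else 0


def certification_valid_at(area, now):
    """True if the certification is in force at time `now` (seconds since epoch)."""
    created = creation_time(area)
    if now < created:
        return False                       # not yet in effect
    validity = expiry_seconds(area)
    return validity == 0 or now < created + validity


def renew_certification(old_area, now):
    """The certifier re-signs: new creation time, same validity window."""
    return build_hashed_area(now, expiry_seconds(old_area))


def scenario(t0):
    """Alice certifies Bob at t0 for one year; Bob is unreachable at t0 + 400 days.

    Returns (valid before expiry, valid after expiry without renewal,
             valid after expiry with a renewal at t0 + 300 days)."""
    cert = build_hashed_area(t0, YEAR)
    before = certification_valid_at(cert, t0 + 100 * 86400)
    lapsed = certification_valid_at(cert, t0 + 400 * 86400)
    renewed = renew_certification(cert, t0 + 300 * 86400)
    after_renewal = certification_valid_at(renewed, t0 + 400 * 86400)
    return before, lapsed, after_renewal


if __name__ == "__main__":
    T0 = 1566511424  # assumed timestamp: 2019-08-22, the date of the thread
    print(scenario(T0))  # a compromised-and-unreachable Bob's certification lapses on its own
```

The point of the example is the failure mode in the quoted scenario: without an expiration, Alice's certification of a compromised Bob stays valid until she can push a revocation to wherever Bob's certificate lives; with one, it lapses on its own, and only a certifier who actively re-signs keeps it alive.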