On Aug 23, 2019, at 2:05 PM, Michael Richardson
<mcr+ietf(_at_)sandelman(_dot_)ca> wrote:
I had the unfortunate duty to remove an email address from a community
email list because the person had passed away. I wonder how many other
lists this rather active person is on, and how many years it will be
before the lists are cleaned up.
When my dad passed away in the fall of 2003, it wasn't until the end of April
the following year that the University cleaned up his email account. There
was clearly a need to keep the account open for quite some time due to
other university business that hadn't yet closed.
I was thinking this morning about an SMTP responses, a 55x-type,
but it rather needs to be signed. Sigh, 2019, and still not enough
useful email security to do this. But still.
Is there something in openpgp spec that I'm missing here?
I don't think that revoking the key is the right thing.
In particular, nobody may know how to find the private key to revoke it.
What's wanted is a revocation of the PGP signature with a reason.
Has anyone given any thought to this?
I suppose it might also apply to "does not work here anymore"
There is a "Reason for Revocation" subpacket for the revocation signature. It
contains both a machine-readable byte giving various reasons for revocation
(key superseded, compromised, or retired, user ID no longer valid, or a general
"other"), followed by a human-readable string.
I suppose a death notification would be "key retired", with additional
information (if any) given in the human-readable string. This works with the
designated revoker feature as well as the regular (self) revocation, so even if
the private key is missing (or, being dead, the owner is unable to enter a
passphrase) the key can still be revoked.
David
_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp