David Shaw <dshaw@jabberwocky.com> wrote:
>> Has anyone given any thought to this?
>>
>> I suppose it might also apply to "does not work here anymore"
> There is a "Reason for Revocation" subpacket for the revocation
> signature. It contains both a machine-readable byte giving various
> reasons for revocation (key superseded, compromised, or retired, user
> ID no longer valid, or a general "other"), followed by a human-readable
> string.
> I suppose a death notification would be "key retired", with additional
> information (if any) given in the human-readable string. This works
> with the designated revoker feature as well as the regular (self)
> revocation, so even if the private key is missing (or, being dead, the
> owner is unable to enter a passphrase) the key can still be revoked.
The designated revoker is singular.
There is no k-of-n (or rather K) threshold the way that signatures on UIDs
work. If there were N signatures binding me@example.com to key 0x12345678,
then it would be nice if the self-sign on the key could set a value k,
which, if at least k entities revoke their signature (not just expire it) with
an identical reason, would signal that the key<->UID is no longer valid.
--
Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works
-= IPv6 IoT consulting =-
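As an added illustration (not code from this thread or from any OpenPGP implementation), the following Python shows the two things discussed above: the wire layout of the "Reason for Revocation" subpacket that David describes (RFC 4880 section 5.2.3.23: one machine-readable code byte followed by a human-readable UTF-8 string), and the k-of-n certification-revocation rule that Michael proposes. The k-of-n rule is hypothetical, it is the poster's suggestion and not a feature of the specification; the certifier key IDs and reason strings are constructed sample data.

```python
"""Reason-for-Revocation subpacket parsing plus a hypothetical k-of-n rule
for deciding when third-party certification revocations invalidate a
key<->UID binding.  Added example, not from the thread or any OpenPGP
implementation; the k-of-n policy is an assumption modelled on the proposal."""

from dataclasses import dataclass
from typing import Dict, Iterable, Optional, Set, Tuple

# RFC 4880 section 5.2.3.23, machine-readable reason codes.
REASON_CODES = {
    0: "no reason specified",
    1: "key is superseded",
    2: "key material has been compromised",
    3: "key is retired and no longer used",
    32: "user ID information is no longer valid",
}


@dataclass(frozen=True)
class RevocationReason:
    code: int
    text: str

    def describe(self) -> str:
        if 100 <= self.code <= 110:
            label = "private use"
        else:
            label = REASON_CODES.get(self.code, "unknown/reserved")
        return f"{self.code} ({label}): {self.text}"


def parse_reason_subpacket(body: bytes) -> RevocationReason:
    """Parse the body of a type-29 signature subpacket (length and type
    bytes already stripped): one code byte, then UTF-8 text."""
    if len(body) < 1:
        raise ValueError("reason-for-revocation subpacket needs a code byte")
    code = body[0]
    # Undecodable text is treated as a parse error, not silently dropped.
    text = body[1:].decode("utf-8")
    return RevocationReason(code, text)


def encode_reason_subpacket(code: int, text: str) -> bytes:
    """Inverse of parse_reason_subpacket."""
    if not 0 <= code <= 255:
        raise ValueError("reason code must fit in one byte")
    return bytes([code]) + text.encode("utf-8")


# --- Hypothetical k-of-n rule over third-party certifications ---------------

@dataclass(frozen=True)
class Certification:
    certifier: str                 # key ID of the certifying key (constructed)
    revoked: bool                  # False also covers "merely expired"
    reason: Optional[RevocationReason] = None


def uid_binding_revoked(certs: Iterable[Certification],
                        k: int) -> Tuple[bool, Optional[int]]:
    """Return (revoked, reason_code).  The binding counts as revoked only when
    at least k *distinct* certifiers have revoked (not just let expire) their
    certification with the same machine-readable reason code.  Expired
    certifications and revocations with differing reasons do not count."""
    if k < 1:
        raise ValueError("k must be at least 1")
    by_reason: Dict[int, Set[str]] = {}
    for c in certs:
        if c.revoked and c.reason is not None:
            by_reason.setdefault(c.reason.code, set()).add(c.certifier)
    for code, certifiers in by_reason.items():
        if len(certifiers) >= k:
            return True, code
    return False, None


# Constructed sample: certifications on "me@example.com" for key 0x12345678.
# 0xAAAA appears twice (re-certified, then revoked again) to show that the
# rule counts distinct certifiers, not signatures.
LEFT = parse_reason_subpacket(
    encode_reason_subpacket(32, "no longer works at example.com"))
SAMPLE_CERTS = [
    Certification("0xAAAA", revoked=True, reason=LEFT),
    Certification("0xAAAA", revoked=True, reason=LEFT),
    Certification("0xBBBB", revoked=True, reason=LEFT),
    Certification("0xCCCC", revoked=False),          # expired, not revoked
    Certification("0xDDDD", revoked=True,
                  reason=RevocationReason(0, "")),   # different reason
]

if __name__ == "__main__":
    print(parse_reason_subpacket(
        encode_reason_subpacket(3, "key holder deceased")).describe())
    for k in (2, 3):
        print(f"k={k}:", uid_binding_revoked(SAMPLE_CERTS, k))
```

With k=2 the sample binding is reported revoked with reason 32, because two distinct certifiers (0xAAAA and 0xBBBB) revoked with that code; with k=3 it is not, since the duplicate 0xAAAA signature, the expired 0xCCCC certification and 0xDDDD's differently-coded revocation all fail to count. A death notice in David's scheme would be a key revocation with code 3 plus free text, which the parser handles the same way.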
_______________________________________________
openpgp mailing list
openpgp@ietf.org
https://www.ietf.org/mailman/listinfo/openpgp