On Thu, Aug 22, 2019 at 06:01:23PM -0400, Daniel Kahn Gillmor wrote:
On Thu 2019-08-22 17:08:44 -0400, Daniel Kahn Gillmor wrote:
* introduce augmentation to TPK for third-party certification revocation
distribution
This bit is likely to be the most-controversial part of this update, so
i wanted to explain it more. Sorry that this note is so long.
[...]
There are two downsides to this approach:
A) it violates the definition of a transferable public key in RFC4880
(clients aren't expecting these packets)
B) It's not obvious to to match up these revocation certificates with
the certifications they revoke
(A) isn't really a problem -- we can just update the spec; legacy
clients will ignore the trailing "CRL" and discard it anyway.
(B) requires a bit more engineering, but not much. Clients that know
about this CRL can keep an index of all third-party certifications based
on the SHA256 digest of the certifications. If all revocations have one
or more "Target Signature" subpackets that use SHA256, to point to the
certification(s) that they revoke, then an indexed keystore can find
them and revoke them without much trouble.
Note that this only works if there is a well-established convention
about what digest algorithm to use. I don't want to keep a SHA256 and a
SHA512 and a blake2b index of all the certifications i know about. Note
also that SHA256 isn't used here for strong cryptographic purposes --
it's just a hash table indexer.
This sounds an awful lot like (my understanding of) what PHB's UDF [1]
(uniform data fingerprint) is supposed to be. Sadly, I've not had time
yet to give it a proper read...
-Ben
[1] https://tools.ietf.org/html/draft-hallambaker-mesh-udf
_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp