Re: [Sks-devel] revocation keys

[Peter Palfrader]

On Wed, 26 Nov 2003, Yaron M. Minsky wrote:

> Greetings all.  I'm on vacation now from work, so I should have some
> time to do some work on SKS.  So, expect 1.0.5 Real Soon Now (tm).
> 
> The revocation key list sounds easy to add.  Can someone give me a quick
> description of what revocation keys are for.  I haven't read RFC2440bis
> recently...

An example will make things easy:

pub  1024D/3CD35EBA 2003-11-26
     Key fingerprint = EA70 25BA 9D44 E081 E00A  3486 1440 D704 3CD3 5EBA
sig  0x1F  3CD35EBA 2003-11-26  key revocable by 
0x5B00C96D5D54AEE1206BAF84DE7AAF6E 94C09C7F
sig  0x1F  3CD35EBA 2003-11-26  key revocable by 
0x25FC1614B8F87B52FF2F99B962AF4031 C82E0039

uid  1024D/3CD35EBA 2003-11-26 Peter Palfrader (Jabber ID) <address@hidden>
sig  0x13  3CD35EBA 2003-11-26  [selfsig]

both, 94C09C7F and C82E0039, may revoke the entire key, just like 3CD35EBA may:

In 5.2.1 (in bis09):
|    0x20: Key revocation signature 
|        The signature is calculated directly on the key being revoked.
|        A revoked key is not to be used.  Only revocation signatures by
|        the key being revoked, or by an authorized revocation key,
|                                       ^^^^^^^^^^^^^^^^^^^^^^^^^^^
|        should be considered valid revocation signatures.

Peter
-- 
 PGP signed and encrypted  |  .''`.  ** Debian GNU/Linux **
    messages preferred.    | : :' :      The  universal
                           | `. `'      Operating System
 http://www.palfrader.org/ |   `-    http://www.debian.org/

signature.asc
Description: Digital signature