revocation signatures
Atom 'Smasher'
atom at suspicious.org
Tue Jun 15 21:00:57 CEST 2004
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Tue, 15 Jun 2004, David Shaw wrote:
> Currently, there is no binding between a revocation and a signature.
> That is, the revocation could refer to any signature issued by that
> key and dated before the revocation.
================
wait a minute..! does that mean that if bob revokes his signature of
alice's key, then mallory could use ~that~ revocation and revoke bob's
signature from any key that bob had previously signed key (except for
bob's key)?
> There is no current way to get the revocation text in a key listing.
> It is only shown when you try to encrypt to the revoked key.
================
pgpdump.
...atom
_________________________________________
PGP key - http://atom.smasher.org/pgp.txt
762A 3B98 A3C3 96C9 C6B7 582A B88D 52E4 D9F5 7808
-------------------------------------------------
"80% of air pollution comes not from chimneys and
auto exhaust pipes, but from plants and trees."
-- Ronald Reagan
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.3.6 (FreeBSD)
Comment: What is this gibberish?
Comment: http://atom.smasher.org/links/#digital_signatures
iEYEARECAAYFAkDPR3QACgkQnCgLvz19QeOGwACcCW/gAUFlxqfPXoIGJsJrXP/p
eboAoI0iKgCidnXDl6zYr2iu3avPJx0n
=52xQ
-----END PGP SIGNATURE-----
More information about the Gnupg-devel
mailing list