revocation signatures

David Shaw dshaw at jabberwocky.com
Tue Jun 15 21:25:01 CEST 2004


On Tue, Jun 15, 2004 at 03:00:57PM -0400, Atom 'Smasher' wrote:
> On Tue, 15 Jun 2004, David Shaw wrote:
> 
> > Currently, there is no binding between a revocation and a signature.
> > That is, the revocation could refer to any signature issued by that
> > key and dated before the revocation.
> ================
> 
> wait a minute..! does that mean that if bob revokes his signature of 
> alice's key, then mallory could use ~that~ revocation and revoke bob's 
> signature from any key that bob had previously signed (except for 
> bob's key)?

No, it means that Mallory could use the revocation to revoke any
signature of Bob's on Alice's key that was dated before the
revocation.  In other words, Mallory can't do anything that Bob or
Alice couldn't do.  The revocation hash includes the public key, so it
is not transferable.

> > There is no current way to get the revocation text in a key listing.
> > It is only shown when you try to encrypt to the revoked key.
> ================
> 
> pgpdump.

Sure, or gpg --list-packets.  It's not nice and machine parseable
though.

David
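Since gpg --list-packets is the only place the revocation reason appears and its output is not meant for machines, the following added example (not from this thread or from GnuPG) pulls the revocation signatures and their reason text out of such a dump. The listing it parses is a constructed sample modelled on the --list-packets line layout; the key ID and timestamps are made up, and real output may differ slightly between gpg versions.

```python
import re

# Constructed sample modelled on the line format of `gpg --list-packets`;
# not real gpg output, and the key ID and timestamps are made up.
SAMPLE_LISTING = """\
:user ID packet: "Alice <alice@example.org>"
:signature packet: algo 17, keyid BBBBBBBBBBBBBBBB
\tversion 4, created 1070000000, md5len 0, sigclass 0x10
\thashed subpkt 2 len 4 (sig created 2003-11-28)
\tsubpkt 16 len 8 (issuer key ID BBBBBBBBBBBBBBBB)
:signature packet: algo 17, keyid BBBBBBBBBBBBBBBB
\tversion 4, created 1087300000, md5len 0, sigclass 0x30
\thashed subpkt 2 len 4 (sig created 2004-06-15)
\thashed subpkt 29 len 25 (revocation reason 0x00 (signed the wrong key))
\tsubpkt 16 len 8 (issuer key ID BBBBBBBBBBBBBBBB)
"""

# Signature classes that revoke something (RFC 4880 section 5.2.1).
REVOCATION_CLASSES = {0x20: "key revocation", 0x28: "subkey revocation",
                      0x30: "certification revocation"}

def parse_revocations(listing):
    """Return one dict per revocation signature packet in a --list-packets dump."""
    revocations, current = [], None
    for line in listing.splitlines():
        if line.startswith(":signature packet:"):
            m = re.search(r"keyid ([0-9A-Fa-f]+)", line)
            current = {"keyid": m.group(1) if m else None, "kind": None,
                       "created": None, "reason_code": None, "reason_text": None}
        elif line.startswith(":"):
            current = None          # a different packet type ends the signature
        elif current is not None:
            m = re.search(r"created (\d+),.*sigclass 0x([0-9A-Fa-f]+)", line)
            if m and int(m.group(2), 16) in REVOCATION_CLASSES:
                current["created"] = int(m.group(1))
                current["kind"] = REVOCATION_CLASSES[int(m.group(2), 16)]
                revocations.append(current)   # later lines still update it
            m = re.search(r"revocation reason 0x([0-9A-Fa-f]{2}) \((.*)\)\)", line)
            if m:
                current["reason_code"] = int(m.group(1), 16)
                current["reason_text"] = m.group(2)
    return revocations

if __name__ == "__main__":
    for rev in parse_revocations(SAMPLE_LISTING):
        print(rev)
```

Feed it the output of `gpg --list-packets` on an exported key (or `pgpdump` after adjusting the regexes) to see the revocation text that the normal key listing hides.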
