Certs by a revoked key
Adrian 'Dagurashibanipal' von Bidder
avbidder@fortytwo.ch
Mon Feb 24 09:33:02 2003
--=-dpZ97uboUpEfrgDJILr3
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable
On Sun, 2003-02-23 at 19:20, Richard Laager wrote:
> By my interpretation,
> the RFC is saying that if a key is revoked with a reason of 0x02 (Key
> material has been compromised), 0x00* (No reason specified), or this
> subpacket is missing* altogether, then all of the key's signatures
> are suspect and must be ignored. However, if any other reason
> (currently 0x01 (Key is superceded) or 0x03 (Key is retired and no
> longer used)) is given, then the signatures should be used in trust
> calculations.
This is the case if you can assume that all revocation packets make it
through. But I suspect that an attack where the attacker replaces a 0x02
revocation by the key holder with a 0x01 revocation might be possible,
so the victim might be led to trust too many signatures.
cheers
-- vbi
--=20
OpenPGP encrypted mail welcme - my key: http://fortytwo.ch/gpg/92082481
--=-dpZ97uboUpEfrgDJILr3
Content-Type: application/pgp-signature; name=signature.asc
Content-Description: This is a digitally signed message part
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
Comment: get my key from http://fortytwo.ch/gpg/92082481
iKcEABECAGcFAj5Z2QxgGmh0dHA6Ly9mb3J0eXR3by5jaC9sZWdhbC9ncGcvZW1h
aWwuMjAwMjA4MjI/dmVyc2lvbj0xLjMmbWQ1c3VtPTE0Y2E2MTZmMTQ2ODJhODJj
YjljYzI1YzliMzRhMTBkAAoJEIukMYvlp/fWw7cAn0Q75Sn5k02ZfmU6z1P760LX
+/4ZAKDbP4l/1j6AmBrEhb1eSIjbkIv6HA==
=dlrg
-----END PGP SIGNATURE-----
Signature policy: http://fortytwo.ch/legal/gpg/email.20020822?version=1.3&md5sum=14ca616f14682a82cb9cc25c9b34a10d
--=-dpZ97uboUpEfrgDJILr3--