Certs by a revoked key
Mon Feb 24 21:42:02 2003
-----BEGIN PGP SIGNED MESSAGE-----
On Monday, February 24, 2003 2:24 PM, David Shaw wrote:
> On Mon, Feb 24, 2003 at 01:56:17PM -0600, Richard Laager wrote:
> > > There is when there is no reliable way to tell the difference
> > > between "retired" and "compromised", or more specifically
> > > "compromised after retirement".
> > I take it this is because multiple revocation certs are not
> > supported. Is this the case? Or, is this based on an assumption
> > that after a key is retired, it could be compromised and the
> > legitimate owner wouldn't notice?
> No, multiple revocation certs are supported (section 10.1 of the
> spec: "Zero or more revocation signatures"). While it is true that a
> retired key could be compromised, that's not really my point.
> Let's make sure we're talking about the same thing. What exactly
> are you suggesting here? It sounds like you are saying that the
> 0x01 and 0x03 revocation reasons are a "revocation lite" that means
> "don't use this key anymore, but don't really fully revoke it in
> terms of the web of trust either".
Indeed. I believe that's the reason for having these classifications.
RFC 2440bis says, "There are important semantic differences between
If I'm revoking my key with a 0x01, it's because I intend to move on
to a new key. There's no reason to lose all the trust of the old key.
It can be passed on (in a sense) by signing my new key with my old
key prior to revocation.
If I'm revoking my key with a 0x03 signature, it's because I no
longer use my key. But, if Alice has signed my key, and I've signed
Charlie's key, there's no reason Alice can't continue to view
Charlie's key as valid through the signature chain, as she had
-----BEGIN PGP SIGNATURE-----
Version: PGP 7.0.4
-----END PGP SIGNATURE-----
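The distinction the thread draws between a 0x01/0x03 revocation and a full revocation, and the "signature chain" argument (Alice signs Richard's key, Richard signs Charlie's), as an added example that is not part of the original message or of any PGP implementation: a small Python model that decodes the Reason for Revocation subpacket (type 29, reason codes 0x00 to 0x03 and 0x20 as defined in the OpenPGP spec) and then evaluates a certification chain under two constructed policies. The "lenient" policy keeps pre-revocation certifications when the reason is superseded (0x01) or retired (0x03); the "strict" policy voids them on any revocation, which is David Shaw's concern that "retired" and "compromised after retirement" cannot be told apart. Key names, timestamps and policy names are constructed for the example; the model ignores the target key's own validity and looks only at the signer's revocation state.

```python
"""Constructed model of how the OpenPGP Reason for Revocation code affects
certifications made by a revoked key. Not code from any PGP implementation."""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Reason codes of the Reason for Revocation signature subpacket (type 29).
NO_REASON = 0x00        # no reason specified
KEY_SUPERSEDED = 0x01   # key is superseded
KEY_COMPROMISED = 0x02  # key material has been compromised
KEY_RETIRED = 0x03      # key is retired and no longer used
UID_INVALID = 0x20      # user ID information is no longer valid
REASON_SUBPACKET_TYPE = 29


def parse_reason_subpacket(packet: bytes) -> Tuple[int, str]:
    """Decode [1-octet length][type 29][reason code][UTF-8 text].

    Only the one-octet length form (length < 192) is handled; the high bit
    of the type octet is the 'critical' flag and is masked off."""
    if len(packet) < 3:
        raise ValueError("truncated subpacket")
    length = packet[0]
    if length >= 192:
        raise ValueError("multi-octet subpacket length not handled here")
    body = packet[1:1 + length]
    if len(body) != length or length < 2:
        raise ValueError("subpacket length does not match data")
    if body[0] & 0x7F != REASON_SUBPACKET_TYPE:
        raise ValueError(f"not a Reason for Revocation subpacket (type {body[0] & 0x7F})")
    return body[1], body[2:].decode("utf-8", errors="replace")


@dataclass
class Key:
    name: str
    revoked_at: Optional[int] = None   # constructed integer timestamps
    reason: Optional[int] = None
    certs: Dict[str, int] = field(default_factory=dict)  # target -> time signed


def certification_usable(signer: Key, target: Key, policy: str) -> bool:
    """Does signer's certification on target still count after revocation?"""
    made_at = signer.certs.get(target.name)
    if made_at is None:
        return False
    if signer.revoked_at is None:
        return True
    if made_at >= signer.revoked_at:
        return False   # certification postdates the revocation: never usable
    if policy == "strict":
        return False   # any revocation voids the key's certifications
    # "lenient": a superseded or retired key keeps its earlier certifications;
    # compromised (0x02) or unspecified (0x00) does not.
    return signer.reason in (KEY_SUPERSEDED, KEY_RETIRED)


def chain_valid(keys: Dict[str, Key], path: List[str], policy: str) -> bool:
    """Each key on the path must hold a usable certification on the next one."""
    return all(certification_usable(keys[a], keys[b], policy)
               for a, b in zip(path, path[1:]))


def scenario(reason: int = KEY_SUPERSEDED) -> Dict[str, bool]:
    """Constructed: Alice signed Richard's old key; the old key signed Charlie's
    key and Richard's new key; then the old key was revoked with `reason`."""
    alice, old, new, charlie = Key("alice"), Key("richard-old"), Key("richard-new"), Key("charlie")
    alice.certs["richard-old"] = 100
    old.certs["charlie"] = 200
    old.certs["richard-new"] = 300     # trust handed on before revocation
    old.certs["late"] = 500            # a certification made after revocation
    late = Key("late")
    old.revoked_at, old.reason = 400, reason
    keys = {k.name: k for k in (alice, old, new, charlie, late)}
    return {
        "lenient_alice_to_charlie": chain_valid(keys, ["alice", "richard-old", "charlie"], "lenient"),
        "lenient_alice_to_new": chain_valid(keys, ["alice", "richard-old", "richard-new"], "lenient"),
        "lenient_post_revocation": chain_valid(keys, ["alice", "richard-old", "late"], "lenient"),
        "strict_alice_to_charlie": chain_valid(keys, ["alice", "richard-old", "charlie"], "strict"),
    }


if __name__ == "__main__":
    print(parse_reason_subpacket(b"\x12\x1d\x01moved to new key"))
    print("superseded:", scenario(KEY_SUPERSEDED))
    print("compromised:", scenario(KEY_COMPROMISED))
```

Running it shows the split the thread is about: under the lenient reading a 0x01 revocation leaves Alice's path to Charlie (and to Richard's new key) intact, a 0x02 revocation breaks it, and a certification dated after the revocation is rejected under either reading; under the strict reading every path through the revoked key fails regardless of reason code.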