Certs by a revoked key

Richard Laager rlaager@wiktel.com
Mon Feb 24 21:42:02 2003

Hash: SHA1

On Monday, February 24, 2003 2:24 PM, David Shaw wrote:
> On Mon, Feb 24, 2003 at 01:56:17PM -0600, Richard Laager wrote:
> > > There is when there is no reliable way to tell the difference
> > > between "retired" and "compromised", or more specifically
> > > "compromised after retirement".
> > 
> > I take it this is because multiple revocation certs are not
> > supported. Is this the case? Or, is this based on an assumption
> > that after a key is retired, it could be compromised and the
> > legitimate owner wouldn't notice?
> No, multiple revocation certs are supported (section 10.1 of the
> spec: "Zero or more revocation signatures").  While it is true that
> a
> retired key could be compromised, that's not really my point
> either.  
> Let's make sure we're talking about the same thing.  What exactly
> are you suggesting here?  It sounds like you are saying that the
> 0x01 and 0x03 revocation reasons are a "revocation lite" that means
> "don't use this key anymore, but don't really fully revoke it in
> terms of the web of trust either".

Indeed. I believe that's the reason for having these classifications.
RFC 2440bis says, "There are important semantic differences between
the reasons..."

If I'm revoking my key with a 0x01, it's because I intend to move on
to a new key. There's no reason to lose all the trust of the old key.
It can be passed on (in a sense) by signing my new key with my old
key prior to revocation.

If I'm revoking my key with a 0x03 signature, it's because I no
longer use my key. But, if Alice has signed my key, and I've signed
Charlie's key, there's no reason Alice can't continue to view
Charlie's key as valid through the signature chain, as she had

Richard Laager

Version: PGP 7.0.4