revocation signatures

Atom 'Smasher' atom at suspicious.org
Tue Jun 15 21:00:57 CEST 2004


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Tue, 15 Jun 2004, David Shaw wrote:

> Currently, there is no binding between a revocation and a signature.
> That is, the revocation could refer to any signature issued by that
> key and dated before the revocation.
================

wait a minute..! does that mean that if bob revokes his signature of 
alice's key, then mallory could use ~that~ revocation and revoke bob's 
signature from any key that bob had previously signed key (except for 
bob's key)?


> There is no current way to get the revocation text in a key listing.
> It is only shown when you try to encrypt to the revoked key.
================

pgpdump.


         ...atom

  _________________________________________
  PGP key - http://atom.smasher.org/pgp.txt
  762A 3B98 A3C3 96C9 C6B7 582A B88D 52E4 D9F5 7808
  -------------------------------------------------

 	"80% of air pollution comes not from chimneys and
 	 auto exhaust pipes, but from plants and trees."
 		-- Ronald Reagan
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.3.6 (FreeBSD)
Comment: What is this gibberish?
Comment: http://atom.smasher.org/links/#digital_signatures

iEYEARECAAYFAkDPR3QACgkQnCgLvz19QeOGwACcCW/gAUFlxqfPXoIGJsJrXP/p
eboAoI0iKgCidnXDl6zYr2iu3avPJx0n
=52xQ
-----END PGP SIGNATURE-----



More information about the Gnupg-devel mailing list