Certs by a revoked key

[David Shaw]

--2fHTh5uZTiUOsy+g
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Mon, Feb 24, 2003 at 09:34:21AM +0100, Adrian 'Dagurashibanipal' von Bid=
der wrote:
> On Sun, 2003-02-23 at 19:20, Richard Laager wrote:
>=20
> > By my interpretation,
> > the RFC is saying that if a key is revoked with a reason of 0x02 (Key
> > material has been compromised), 0x00* (No reason specified), or this
> > subpacket is missing* altogether, then all of the key's signatures
> > are suspect and must be ignored. However, if any other reason
> > (currently 0x01 (Key is superceded) or 0x03 (Key is retired and no
> > longer used)) is given, then the signatures should be used in trust
> > calculations.
>=20
> This is the case if you can assume that all revocation packets make it
> through. But I suspect that an attack where the attacker replaces a 0x02
> revocation by the key holder with a 0x01 revocation might be possible,
> so the victim might be led to trust too many signatures.

The revocation type (0x01, 0x02, etc) is part of (or had better be
part of!) the hashed data in the signature so it can't be tampered
with.

A key that has a 0x01 AND 0x02 revocation can certainly be tampered
with to remove the 0x02 one... but then, if an attacker could remove
arbitrary packets, they could remove the 0x01 as well.

David

--=20
   David Shaw  |  dshaw@jabberwocky.com  |  WWW http://www.jabberwocky.com/
+--------------------------------------------------------------------------=
-+
   "There are two major products that come out of Berkeley: LSD and UNIX.
      We don't believe this to be a coincidence." - Jeremy S. Anderson

--2fHTh5uZTiUOsy+g
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2rc1 (GNU/Linux)

iD8DBQE+Wr7H4mZch0nhy8kRAvYIAKCpjh4C8Pzq66nw/xggpLVnoB1KtgCeM6V8
Mys+jsAZSZi9Wgmvs2t9O9c=
=jmC7
-----END PGP SIGNATURE-----

--2fHTh5uZTiUOsy+g--