On 12/09/2010 03:09 PM, Ben McGinnes wrote:
> Is this why a revoked key can still be used to decrypt data that was
> encrypted with a non-revoked copy of the key?

The things that get revoked are OpenPGP certificates. The certificates
themselves contain key material. The math that makes the key material
effective for encryption, decryption, signing, or verification doesn't
know or care about the revocation of the certificates. We *interpret*
those revocations to give us some reasonable real-world guidance about
whether to rely on a given key for encryption, signature verification,
or authentication. But the underlying asymmetric crypto operations will
continue to work regardless of whether the certificates are revoked.

>> even need a new version of the entire spec, it would just be an update
>> to the spec, claiming a new subpacket type from IANA. And an example
>> implementation in a popular tool like GnuPG wouldn't hurt either, of
>> course. :)
>
> Why do I get the feeling that this bit is addressed to Werner ... ;)

It was addressed to anyone who wants to implement it, actually. Anyone
looking to cut their teeth on this kind of stuff could pick this up as a
reasonable project. Here's a previous discussion to get you started:

http://www.imc.org/ietf-openpgp/mail-archive/msg06733.html

hth,

--dkg
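The point dkg makes above, that a revocation is a statement attached to the certificate rather than anything that changes the key material, can be checked directly with GnuPG. The script below is an added example, not code from the thread or from the GnuPG project: it builds a throwaway keyring, encrypts a message to a fresh key, imports the revocation certificate GnuPG pre-generates at key creation, confirms the keyring now lists the key as revoked, and then decrypts the earlier ciphertext with that revoked key. It assumes GnuPG 2.1 or later is on PATH; the user id, plaintext and file names are constructed for the demo.

```shell
#!/bin/sh
# Added example (not part of the mailing-list post): a revoked OpenPGP
# certificate still decrypts, because revocation is metadata the software
# interprets, not a change to the underlying key material.
# Assumes GnuPG 2.1+; uid and plaintext below are constructed values.

demo_revoked_decrypt() {
    if ! command -v gpg >/dev/null 2>&1; then
        echo "skipped: gpg not installed"
        return 0
    fi
    uid='Revocation Demo <revdemo@example.invalid>'   # constructed
    plaintext='meeting notes, pre-revocation'          # constructed

    # Throwaway keyring so the demo never touches a real keyring.
    GNUPGHOME=$(mktemp -d) || return 1
    export GNUPGHOME
    chmod 700 "$GNUPGHOME"
    work=$(mktemp -d) || return 1

    # 1. Generate an unprotected key (empty passphrase) non-interactively.
    gpg --batch --quiet --pinentry-mode loopback --passphrase '' \
        --quick-generate-key "$uid" default default never 2>/dev/null

    # Primary-key fingerprint from colon-delimited listing (field 10 of 'fpr').
    fpr=$(gpg --batch --with-colons --list-keys "$uid" 2>/dev/null \
          | awk -F: '$1=="fpr"{print $10; exit}')

    # 2. Encrypt while the certificate is still valid.
    printf '%s' "$plaintext" \
      | gpg --batch --quiet --yes --trust-model always -r "$uid" \
            --encrypt -o "$work/msg.gpg" 2>/dev/null

    # 3. Revoke. GnuPG 2.1+ writes a revocation certificate at key creation
    #    under openpgp-revocs.d; its armor header carries a leading ':' to
    #    prevent accidental import, so strip that marker and import it.
    rev="$GNUPGHOME/openpgp-revocs.d/$fpr.rev"
    if [ ! -f "$rev" ]; then
        echo "skipped: no pre-generated revocation certificate"
        return 0
    fi
    sed 's/^:-----BEGIN/-----BEGIN/' "$rev" | gpg --batch --quiet --import 2>/dev/null

    # The keyring must now report validity 'r' (revoked) for the primary key.
    gpg --batch --with-colons --list-keys "$uid" 2>/dev/null \
      | grep -q '^pub:r:' || { echo "error: key not marked revoked"; return 1; }

    # 4. Decrypt with the revoked key: the asymmetric math is unaffected,
    #    so the original plaintext comes back.
    gpg --batch --quiet --decrypt "$work/msg.gpg" 2>/dev/null

    gpgconf --kill gpg-agent 2>/dev/null || true
    rm -rf "$GNUPGHOME" "$work"
}
```

Run `demo_revoked_decrypt` after sourcing the file; it prints the recovered plaintext. The contrast that shows the "interpretation" layer is on the encryption side: once the revocation is imported, gpg refuses to encrypt a new message *to* that key unless explicitly overridden, while decryption of existing ciphertext keeps working, exactly as described above.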
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users