Re: [tor-dev] proposal 240: Early signing key revocation for directory authorities.

11 Jan 2015


      On Sat, 10 Jan 2015, Nick Mathewson wrote:
...
This proposal describes a simple way for directory authorities to
   perform signing key revocation.

Specification
We add the following lines to the authority signing certificate
format:
revoked-signing-key SP algname SP FINGERPRINT NL


Why not implictly revoke any previous signing key when we see a new,
valid signing key certificate with a later published timestamp?
It would appear to be simpler and require less state.
Cheers,
-- 
                           |  .''`.       ** Debian **
      Peter Palfrader      | : :' :      The  universal
 http://www.palfrader.org/ | `. `'      Operating System
                           |   `-    http://www.debian.org/

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

Re: [tor-dev] proposal 240: Early signing key revocation for directory authorities.