11 Jan
2015
11 Jan
'15
9:23 a.m.
On Sat, 10 Jan 2015, Nick Mathewson wrote:
This proposal describes a simple way for directory authorities to perform signing key revocation.
2. Specification
We add the following lines to the authority signing certificate format:
revoked-signing-key SP algname SP FINGERPRINT NL
Why not implictly revoke any previous signing key when we see a new, valid signing key certificate with a later published timestamp? It would appear to be simpler and require less state. Cheers, -- | .''`. ** Debian ** Peter Palfrader | : :' : The universal http://www.palfrader.org/ | `. `' Operating System | `- http://www.debian.org/