On Sun, Jan 11, 2015 at 4:23 AM, Peter Palfrader <weasel@torproject.org> wrote:
On Sat, 10 Jan 2015, Nick Mathewson wrote:
This proposal describes a simple way for directory authorities to perform signing key revocation.
2. Specification
We add the following lines to the authority signing certificate format:
revoked-signing-key SP algname SP FINGERPRINT NL
Why not implictly revoke any previous signing key when we see a new, valid signing key certificate with a later published timestamp?
It would appear to be simpler and require less state.
My main worry there is that it's possible to accidentally publish a certificate in the far future. If we can prevent that from ever happening, then we can probably just do what you suggest. Any thoughts? -- Nick