On Sun, Jan 11, 2015 at 4:23 AM, Peter Palfrader weasel@torproject.org wrote:
On Sat, 10 Jan 2015, Nick Mathewson wrote:
This proposal describes a simple way for directory authorities to perform signing key revocation.
Specification
We add the following lines to the authority signing certificate format:
revoked-signing-key SP algname SP FINGERPRINT NL
Why not implictly revoke any previous signing key when we see a new, valid signing key certificate with a later published timestamp?
It would appear to be simpler and require less state.
My main worry there is that it's possible to accidentally publish a certificate in the far future. If we can prevent that from ever happening, then we can probably just do what you suggest. Any thoughts?