My question is simple (kind of): In what situations would you revoke a
certificate that you have made on someone else's key? (Technically:
--edit-key + revsig.)
Background concepts: When we sign a key (--edit-key + sign) we certify a
particular user id, the link between the user id and person (or
sometimes group) identity. Something like that. It's difficult to put
this concrete enough but abstract enough to cover all cases but you know
what I mean.
But what would you say about conceptual meaning of revoking such
certificate (--edit-key + revsig)? Maybe the link between the key or a
particular user id and the actual person or group identity has been cut:
person lost his secret key or just password and can't control the key
anymore. So maybe by revsig a person gives a signal that he knows the
link has been broken and tell people to not rely on his certificate
anymore. Am I right?
On Fri 2017-06-16 10:06:38 +0300, Teemu Likonen wrote:
> My question is simple (kind of): In what situations would you revoke a
> certificate that you have made on someone else's key? (Technically:
> --edit-key + revsig.)
That action would be me saying "i no longer believe that this key is
only controlled by the entity that corresponds to the identity in the
in the abstract:
* i learned via some channel i consider trustworthy that this key isn't
appropriate for use with this User ID any more.
* "I had lunch with Sarah and she told me she'd lost access to her
secret key and didn't have a revocation certificate available."
* "Acme Corp. just published a press release on their https website
indicating that there was a break-in on their server "astrid". I
happen to know that the user account "archivemaster" on "astrid" has
a copy of their software-signing secret keys, but they haven't
revoked them publicly. I no longer have confidence that this key is
controlled solely by Acme Corp, so i'm removing my public attestation
Does this make sense? From the point of view of the person evaluating
the third-party signature, they can't tell the difference. they just
know that before they saw the revocation, they know that "dkg says this
key belongs to Sarah" or "dkg says that this is Acme Corp's
software-signing key", and after they see the revocation, they know "dkg
doesn't have anything useful to say about the identities on this key --
they could belong to anyone".
Daniel Kahn Gillmor [2017-06-21 14:03:00-04] wrote:
> in the abstract:
> * i learned via some channel i consider trustworthy that this key isn't
> appropriate for use with this User ID any more.
> more concretely:
> * "I had lunch with Sarah and she told me she'd lost access to her
> secret key and didn't have a revocation certificate available."
> Does this make sense?
Sure, thanks. This is what I thought. In the past I revoked one of my
certificates because the key's owner no longer remembered the password
and essentially had lost control of the key. Back then I didn't think of
the semantics of revsig that much but it seemed the right thing to do.