From 61d664f0b09dbd98a9dc10ef4129b4ece449cf0c Mon Sep 17 00:00:00 2001 From: Heiko Schaefer Date: Sun, 12 Nov 2023 23:30:13 +0100 Subject: [PATCH] ch8: edit and expand "revocations" section --- book/source/08-signing_components.md | 27 ++++++++++++--------------- 1 file changed, 12 insertions(+), 15 deletions(-) diff --git a/book/source/08-signing_components.md b/book/source/08-signing_components.md index b3f5786..cca65a4 100644 --- a/book/source/08-signing_components.md +++ b/book/source/08-signing_components.md @@ -183,21 +183,18 @@ In OpenPGP v6, a direct key signature is the [preferred mechanism](https://www.i In a certificate, one User ID serves as the [*primary* User ID](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-12.html#name-primary-user-id). The metadata in the binding self-signature on this User ID applies to the primary key of the certificate. -### Revocations: Invalidating components of a certificate +### Revocation self-signatures: Invalidating components of a certificate One important class of self-signatures are revocations. -A revocation signature is used to retract the statement formed by a prior signature. -A subkey revocation signature revokes a prior subkey binding signature, while a certification revocation revokes a certification signature. +A revocation signature is used to invalidate a component, or retract the statement formed by a prior signature. + +- A [*key revocation signature*](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-12.html#name-key-revocation-signature-ty) (type ID `0x20`) marks a primary key as revoked. +- a [*subkey revocation signature*](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-12.html#name-subkey-revocation-signature) (type ID `0x28`) revokes a prior subkey binding signature, while +- a [*certification revocation*](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-12.html#name-certification-revocation-si) (type ID `0x30`) revokes a certification signature. + Typical use-cases for revocations are marking certificates or individual subkeys as unusable (for example, when the private key has been compromised or superseded), or marking User IDs as no longer used. -A revocation signature can either be *hard* or *soft*: - -- A soft revocation of a certificate invalidates it from the revocation signature's creation time onwards. This means signatures issued before the revocation remain intact. -- A hard revocation, by contrast, invalidates the certificate retroactively, rendering all issued signatures invalid, regardless of creation time. - -Soft revocations are typically used whenever a key or User ID is retired or superseded gracefully, while hard revocations can, for example, signal compromise of secret key material. - ```{note} OpenPGP certificates act as append-only data structures, in practice. Elements of a certiciate can not be removed from the copies on key servers and the OpenPGP systems of third parties, once published. Implementations usually merge all available components and signatures. @@ -208,15 +205,15 @@ Note: certification signatures [can be made irrevocable](https://www.ietf.org/ar #### Hard vs. soft revocations -A revocation signature may contain a subpacket indicating the reason for revocation. This subpacket contains a code which specifies why the revocation was issued. This code determines, whether the revocation is hard or soft. +A revocation signature can contain a subpacket indicating the [*reason for revocation*](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-12.html#name-reason-for-revocation). The value of this subpacket contains a code that specifies why the revocation was issued. This code determines whether the revocation is considered a *soft revocation* or a *hard revocation*: -A soft revocation is typically used for graceful or planned revocations. A soft revocation can be reverted by re-validating the certificate, User ID or subkey with a fresh binding signature. -A soft revocation invalidates the target certificate beginning with the revocations creation time. +- A *soft revocation* is typically used for graceful or planned invalidation. Soft revocation of a component invalidates it from the revocation signature's creation time onwards. Uses of the component before the revocation time remain intact. Soft revocations can be reverted by re-validating the invalidated component with a new self-signature. +- A *hard revocation*, by contrast, invalidates the component retroactively, rendering all past and future uses invalid. Hard revocation of a component cannot be undone by re-validating the component. -Contrary, a hard revocation cannot be re-validated. Furthermore, a hard-revoked certificate is invalidated retroactively. +Soft revocations are typically used when a certificate, subkey or User ID is retired or superseded gracefully, while hard revocations are typically used to signal compromise of secret key material. ```{note} -A missing revocation reason subpacket is equivalent with a hard revocation reason. +A revocation signature that has no *reason for revocation* subpacket is interpreted as a hard revocation. ``` (third_party_cert)=