mirror of
https://codeberg.org/openpgp/notes.git
synced 2024-11-30 03:22:06 +01:00
ch8: edit and expand "revocations" section
This commit is contained in:
parent
2346c346c2
commit
61d664f0b0
1 changed files with 12 additions and 15 deletions
|
@ -183,21 +183,18 @@ In OpenPGP v6, a direct key signature is the [preferred mechanism](https://www.i
|
|||
|
||||
In a certificate, one User ID serves as the [*primary* User ID](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-12.html#name-primary-user-id). The metadata in the binding self-signature on this User ID applies to the primary key of the certificate.
|
||||
|
||||
### Revocations: Invalidating components of a certificate
|
||||
### Revocation self-signatures: Invalidating components of a certificate
|
||||
|
||||
One important class of self-signatures are revocations.
|
||||
|
||||
A revocation signature is used to retract the statement formed by a prior signature.
|
||||
A subkey revocation signature revokes a prior subkey binding signature, while a certification revocation revokes a certification signature.
|
||||
A revocation signature is used to invalidate a component, or retract the statement formed by a prior signature.
|
||||
|
||||
- A [*key revocation signature*](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-12.html#name-key-revocation-signature-ty) (type ID `0x20`) marks a primary key as revoked.
|
||||
- a [*subkey revocation signature*](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-12.html#name-subkey-revocation-signature) (type ID `0x28`) revokes a prior subkey binding signature, while
|
||||
- a [*certification revocation*](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-12.html#name-certification-revocation-si) (type ID `0x30`) revokes a certification signature.
|
||||
|
||||
Typical use-cases for revocations are marking certificates or individual subkeys as unusable (for example, when the private key has been compromised or superseded), or marking User IDs as no longer used.
|
||||
|
||||
A revocation signature can either be *hard* or *soft*:
|
||||
|
||||
- A soft revocation of a certificate invalidates it from the revocation signature's creation time onwards. This means signatures issued before the revocation remain intact.
|
||||
- A hard revocation, by contrast, invalidates the certificate retroactively, rendering all issued signatures invalid, regardless of creation time.
|
||||
|
||||
Soft revocations are typically used whenever a key or User ID is retired or superseded gracefully, while hard revocations can, for example, signal compromise of secret key material.
|
||||
|
||||
```{note}
|
||||
OpenPGP certificates act as append-only data structures, in practice. Elements of a certiciate can not be removed from the copies on key servers and the OpenPGP systems of third parties, once published. Implementations usually merge all available components and signatures.
|
||||
|
||||
|
@ -208,15 +205,15 @@ Note: certification signatures [can be made irrevocable](https://www.ietf.org/ar
|
|||
|
||||
#### Hard vs. soft revocations
|
||||
|
||||
A revocation signature may contain a subpacket indicating the reason for revocation. This subpacket contains a code which specifies why the revocation was issued. This code determines, whether the revocation is hard or soft.
|
||||
A revocation signature can contain a subpacket indicating the [*reason for revocation*](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-12.html#name-reason-for-revocation). The value of this subpacket contains a code that specifies why the revocation was issued. This code determines whether the revocation is considered a *soft revocation* or a *hard revocation*:
|
||||
|
||||
A soft revocation is typically used for graceful or planned revocations. A soft revocation can be reverted by re-validating the certificate, User ID or subkey with a fresh binding signature.
|
||||
A soft revocation invalidates the target certificate beginning with the revocations creation time.
|
||||
- A *soft revocation* is typically used for graceful or planned invalidation. Soft revocation of a component invalidates it from the revocation signature's creation time onwards. Uses of the component before the revocation time remain intact. Soft revocations can be reverted by re-validating the invalidated component with a new self-signature.
|
||||
- A *hard revocation*, by contrast, invalidates the component retroactively, rendering all past and future uses invalid. Hard revocation of a component cannot be undone by re-validating the component.
|
||||
|
||||
Contrary, a hard revocation cannot be re-validated. Furthermore, a hard-revoked certificate is invalidated retroactively.
|
||||
Soft revocations are typically used when a certificate, subkey or User ID is retired or superseded gracefully, while hard revocations are typically used to signal compromise of secret key material.
|
||||
|
||||
```{note}
|
||||
A missing revocation reason subpacket is equivalent with a hard revocation reason.
|
||||
A revocation signature that has no *reason for revocation* subpacket is interpreted as a hard revocation.
|
||||
```
|
||||
|
||||
(third_party_cert)=
|
||||
|
|
Loading…
Reference in a new issue