[tor-dev] proposal 240: Early signing key revocation for directory authorities.
Peter Palfrader
weasel at torproject.org
Sun Jan 11 09:23:32 UTC 2015
On Sat, 10 Jan 2015, Nick Mathewson wrote:
> This proposal describes a simple way for directory authorities to
> perform signing key revocation.
>
> 2. Specification
>
> We add the following lines to the authority signing certificate
> format:
>
> revoked-signing-key SP algname SP FINGERPRINT NL
Why not implictly revoke any previous signing key when we see a new,
valid signing key certificate with a later published timestamp?
It would appear to be simpler and require less state.
Cheers,
--
| .''`. ** Debian **
Peter Palfrader | : :' : The universal
http://www.palfrader.org/ | `. `' Operating System
| `- http://www.debian.org/
More information about the tor-dev
mailing list