
Re: IPsec near term work



> Your later comment suggests there was a typo in my message.
> I was referring to CRLs: certificate revocation lists.

Ok, I thought that's what you meant.  And I'm sorry to say, but you
are misinformed.  You can have revocations in a web-of-trust model.
There are two kinds.  A person can revoke his own key, which is a key
revocation certificate, or an entity can revoke its signature on a
key, a signature revocation certificate.  (There are also userID
revocations as well).  There is no reason that this can't exist.

Steve, I realize you do not like PGP, but you seem to have this
mindset that web-of-trust == PGP.  This is not the case.  As I said in
an earlier message, PGP is a program that implements a web-of-trust.
If you really want to know, while the current PGP implementation only
has key revocation certificates, the data structures allow for both
signature and userID revocations.  The idea behind them is that a user
should be able to revoke his own key, and any userIDs on his key, and
any signatures he makes.

I'm sorry, but what were you saying about CRLs? I don't remember your
original statement.

-derek

