Cryptographically Strong Software Distribution HOWTO

V. Alex Brennen vab at cryptnet.net
Tue Jul 3 16:26:38 EDT 2001


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Tue, 3 Jul 2001, Greg Broiles wrote:

> At 02:13 PM 7/3/2001 -0400, V. Alex Brennen wrote:
> 
> >In the case of such a large project, perhaps you could issue
> >a separate role key pair to each developer and generate
> >revocation certificates which are held by the core group for
> >those keys. When a developer leaves the group, the revocation
> >certificate for his key would be circulated.
> 
> Because current systems don't, to my knowledge, allow the creators of 
> revocations to specify the reason(s) for revocation, I wonder if it would 
> be better to rely on short-lived keys or certs which are renewed frequently 
> during a person's membership or association with a group.

They do.  GnuPG for example allows the user to choose between three
main reasons, then to add a variable length string explaining the
revocation.

GnuPG output example:

Please select the reason for the revocation:
  1 = Key has been compromised
  2 = Key is superseded
  3 = Key is no longer used
  0 = Cancel 
(Probably you want to select 1 here)
Your decision? 3
Enter an optional description; end it with an empty line: 
> To our surprise Alex actually found a girlfriend! He no
> longer has time to work on this project.
>

	- VAB
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: Made with pgp4pine 1.76

iD8DBQE7QiqH+pIJc5kqSz8RAnJ3AKCpsqwpoB1oHvQv4/oMZJO6T/ZoKwCcCK8a
f43nG9WYxKmZC9aaA+HQe4M=
=D067
-----END PGP SIGNATURE-----





