On Sat, May 20, 2006 at 10:37:56AM +0000, NextGen$ wrote: > * David 'Bombe' Roden <droden at gmail.com> [2006-05-20 12:18:40]: > > > On Saturday 20 May 2006 12:03, you wrote: > > > > > Why don't I want to allow new keys to be stored into revocation keys > > > ? Because I do trust people I'll give the revocation key enough for > > > revoking my key, but not enough to give them the private key. So I > > > don't want to allow them to regen&distribute a new key ;) > > > > With the simple system there is no special revocation key, or did I > > misunderstand something? > > just like USKs are ;) > > > If SRK is just a wrapper around SSK the > > revocation key would be the same as your SSK private key, wouldn't it? > > no, it wouldn't : it would be a different key. that's the purpose.
No, it would have to be the same. Otherwise it ceases to be simple, because it requires metadata changes. I'm inclined to just implement the proper way anyway, it's not THAT much work. > > > > > > NextGen$ > > > > David -- Matthew J Toseland - toad at amphibian.dyndns.org Freenet Project Official Codemonkey - http://freenetproject.org/ ICTHUS - Nothing is impossible. Our Boss says so. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 189 bytes Desc: Digital signature URL: <https://emu.freenetproject.org/pipermail/devl/attachments/20060520/003bd47b/attachment.pgp>
