On Sat, 10 Jan 2015, Nick Mathewson wrote: > This proposal describes a simple way for directory authorities to > perform signing key revocation. > > 2. Specification > > We add the following lines to the authority signing certificate > format: > > revoked-signing-key SP algname SP FINGERPRINT NL
Why not implictly revoke any previous signing key when we see a new, valid signing key certificate with a later published timestamp? It would appear to be simpler and require less state. Cheers, -- | .''`. ** Debian ** Peter Palfrader | : :' : The universal http://www.palfrader.org/ | `. `' Operating System | `- http://www.debian.org/ _______________________________________________ tor-dev mailing list tor-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev