David Shaw wrote: > It doesn't actually revoke all of them. A 0x30 revocation on a 0x1F > signature revokes (potentially) all of them that are a) from the same > issuer (or from that issuer's designated revoker), and b) timestamped > earlier than the revocation. It cannot revoke ones that come after > it. Of course. Sorry for the sloppy wording of my email. This is what I meant. > Even then there is the possibility of confusion of which signature you > intend to revoke. In those cases, you can always specify a particular > signature to revoke using the Signature Target subpacket in the > revocation. Arguably, you could even revoke multiple signatures with > one revocation by using multiple subpackets. > > Not, it should be pointed out, that many (any?) implementations > support Signature Targets yet. But the semantics are there. Thank you, this answers my question. Haven't paid attention to Signature Targets, because I haven't seen a single one in the wild. But they are, indeed, truly useful and as such worth implementing as soon as OpenPGP gets used for serious legal purposes. I might do it myself. -- Daniel
Attachment:
signature.asc
Description: OpenPGP digital signature