RFC Errata

Errata Search

Source of RFC  
Summary Table Full Records

RFC 4880, "OpenPGP Message Format", November 2007

Note: This RFC has been updated by RFC 5581

Source of RFC: openpgp (sec)
See Also: RFC 4880 w/ inline errata

Errata ID: 3298
Status: Verified
Type: Technical
Publication Format(s) : TEXT

Reported By: Daniel Kahn Gillmor
Date Reported: 2012-07-27
Verifier Name: Stephen Farrell
Date Verified: 2013-03-16

Section 5.2.4 says:

Key revocation signatures (types 0x20 and 0x28) hash only the key being revoked.

It should say:

Primary key revocation signatures (type 0x20) hash only the key being revoked.
Subkey revocation signature (type 0x28) hash first the primary key and then the
subkey being revoked.


This amendment to subkey revocation signatures is intended to align the spec with existing implementations. (it also makes the subkey revocation signatures more symmetric with the subkey binding signatures).

GnuPG (all known versions with subkey support) hashes both keys, as does PGP (tested at version 6.5.8). I'm unaware of any other OpenPGP implementation that actually complies with the spec as written for subkey revocations.

This was apparently noticed (but apparently ignored) back in 2000 (see point 2 of [0]) and was recently discussed again on the IETF list [1].

[0] http://www.mhonarc.org/archive/html/ietf-openpgp/2000-12/msg00001.html
[1] http://www.mhonarc.org/archive/html/ietf-openpgp/2012-07/msg00003.html

Report New Errata

Advanced Search