Filename: 240-auth-cert-revocation.txt
Title: Early signing key revocation for directory authorities
Author: Nick Mathewson
Created: 09-Jan-2015
Status: Open

1. Overview

   This proposal describes a simple way for directory authorities to
   perform signing key revocation.

2. Specification

   We add the following lines to the authority signing certificate
   format:

     revoked-signing-key SP algname SP FINGERPRINT NL

   This line may appear zero or more times.

   It indicates that a particular not-yet-expired signing key should not
   be used.

3. Client and cache operation

   No client or cache should retain, use, or serve any certificate whose
   signing key is described in a revoked-signing-key line in a
   certificate with the same authority identity key.  (If the signing
   key fingerprint appears in a cert with a different identity key, it
   has no effect: you aren't allowed to revoke other people's keys.)

   No Tor instance should download a certificate whose signing
   key,identity key combination is known to be revoked.

4. Authority operator interface.

   The 'tor-gencert' command will take a number of older certificates to
   revoke as optional command-line arguments.  It will include their
   keys in revoked-signing-key lines only if they are still valid, or
   have been expired for no more than a month.

5. Circular revocation

   My first attempt at writing a proposal here included a lengthy
   section about how to handle cases where certificate A revokes the key
   of certificate B, and certificate B revokes the key of certificate A.

   Instead, I am inclined to say that this is a MUST NOT.