This repository was archived by the owner on Aug 15, 2025. It is now read-only.
This repository was archived by the owner on Aug 15, 2025. It is now read-only.
[p2-core] Figure out "TODO" section in chapter 6.1.4 #138
Description
At the end of chapter 6.1.4, one can currently find a warning:
The following questions are still open:
Should actors always be able to revoke the ID-Cert they are sending the revocation message with without needing to complete a sensitive action?
Currently, I cannot see any reason that would speak against this.
How can actors remain in control of their keys? If revocations need to be signed by the server, then the server has more authority over keys than the actor does
Revocations should likely never have to be signed by the server. Either that, or it does, but the trust model assumptions apply.
These questions should be answered, with the warning being removed in the process.