Expand description
Consumer-side key-revocation semantics (ACDP 0.3, RFC-ACDP-0014).
Three layers:
classify_under_revocation— the pure §7 boundary rule: given verified revocations and a (receipt-attested) publish time, decide historically authorized (pre-compromise, receipt-attested) vs fail-closed. This is whatVerificationPolicy::revocationsdrives inside the fetch pipeline.verify_revocation_body— the §5 verification pipeline for a revocation context itself: strict RFC-ACDP-0001 §5.11 body verification, §4 shape parse, and the §5 step 2 not-self-signed check against the resolved signing key’s fingerprint.find_revocations— the §8 discovery SHOULD: search a registry for a producer’s revocation contexts and return the ones that verify.
Functions§
- classify_
under_ revocation - Apply the RFC-ACDP-0014 §7 compromise-boundary rule.
- find_
revocations - Discover a producer’s key revocations on a registry
(RFC-ACDP-0014 §8): search
type=key-revocation(and the §10 interimacdp:key-revocation) withagent_id=<producer>, retrieve each match, and return the ones that verify per §5 (verify_revocation_body). Candidates that fail verification — including self-signed “revocations”, which are at most a hint (§5 step 2) — are skipped, not errors. Superseded revocations are queried too: the §4 earliest-boundary rule needs the whole lineage. - verify_
revocation_ body - Verify a
key-revocationcontext body per RFC-ACDP-0014 §5 and return its typed, trust-classified form.