Skip to main content

Module revocation

Module revocation 

Source
Expand description

Producer key-revocation signal (ACDP 0.3, RFC-ACDP-0014).

A revocation is not a new wire object: it is an ordinary signed, permanent, content-addressed Body of type key-revocation (interim pre-0.3.0 form: acdp:key-revocation) whose metadata declares a key compromised as of a stated time. This module is the typed view over that metadata: KeyRevocation::from_body enforces the §4 shape rules and derives the §5/§6 trust class, and effective_boundary applies the §4 earliest-compromised_since rule across a set of revocations.

Parsing a revocation does NOT verify it. A verified revocation additionally requires the strict RFC-ACDP-0001 §5.11 body pipeline plus the §5 not-self-signed check (KeyRevocation::check_not_self_signed) against the resolved signing key’s fingerprint — acdp-client wires the full pipeline.

Structs§

KeyRevocation
Typed, shape-validated view of a key-revocation context body (RFC-ACDP-0014 §4).

Enums§

RevocationTrustClass
The two trust classes of RFC-ACDP-0014 §5–§6. They carry different authority and MUST be reported distinguishably — never collapsed (§6).

Constants§

MAX_REASON_CHARS
Maximum length of metadata.reason (RFC-ACDP-0014 §4).

Functions§

effective_boundary
The effective compromise boundary for key_fingerprint across a set of (verified) revocations: the earliest compromised_since among those that name the fingerprint, or None when none does.