Expand description
Producer key-revocation signal (ACDP 0.3, RFC-ACDP-0014).
A revocation is not a new wire object: it is an ordinary signed,
permanent, content-addressed Body of type key-revocation
(interim pre-0.3.0 form: acdp:key-revocation) whose metadata
declares a key compromised as of a stated time. This module is
the typed view over that metadata: KeyRevocation::from_body
enforces the §4 shape rules and derives the §5/§6 trust class, and
effective_boundary applies the §4 earliest-compromised_since
rule across a set of revocations.
Parsing a revocation does NOT verify it. A verified revocation
additionally requires the strict RFC-ACDP-0001 §5.11 body pipeline
plus the §5 not-self-signed check
(KeyRevocation::check_not_self_signed) against the resolved
signing key’s fingerprint — acdp-client wires the full pipeline.
Structs§
- KeyRevocation
- Typed, shape-validated view of a
key-revocationcontext body (RFC-ACDP-0014 §4).
Enums§
- Revocation
Trust Class - The two trust classes of RFC-ACDP-0014 §5–§6. They carry different authority and MUST be reported distinguishably — never collapsed (§6).
Constants§
- MAX_
REASON_ CHARS - Maximum length of
metadata.reason(RFC-ACDP-0014 §4).
Functions§
- effective_
boundary - The effective compromise boundary for
key_fingerprintacross a set of (verified) revocations: the earliestcompromised_sinceamong those that name the fingerprint, orNonewhen none does.