David Shaw <dshaw(_at_)jabberwocky(_dot_)com>:
On Thu, Mar 06, 2003 at 03:53:30PM +0100, Bodo Moeller wrote:
What about appending a new section after 5.2.3.3 as follows to ensure
that there is a way to express key expiry such that keys cannot be
un-expired by attackers later (see the threads at
http://www.imc.org/ietf-openpgp/mail-archive/msg02374.html
http://www.imc.org/ietf-openpgp/mail-archive/msg02848.html
http://www.imc.org/ietf-openpgp/mail-archive/msg03693.html
and finally
http://www.imc.org/ietf-openpgp/mail-archive/msg04220.html
I've read all this, and I believe I understand what you are trying to
do: get back the "hard" expiration date that v3 keys had, rather than
the "soft" expiration date of v4 keys. However, while the suggested
fix results in something closer to a hard expiration date, it is not
as hard as the original v3 expiration date since the expiration date
still vulnerable to manipulation if an attacker can influence the key
distribution channel. [...]
Can you elaborate? With my proposal, to set a "hard" expiration date,
you include it in the certification self-signatures. Thus an
adversary who wants to remove the expiration date has to remove the
self-signatures, rendering the key invalid (at least for software that
rejects keys without self-signatures -- possibly this is a requirement
that is missing in the specification, but this problem would affect V3
keys as well).
--
Bodo Möller <moeller(_at_)cdc(_dot_)informatik(_dot_)tu-darmstadt(_dot_)de>
PGP http://www.informatik.tu-darmstadt.de/TI/Mitarbeiter/moeller/0x36d2c658.html
* TU Darmstadt, Theoretische Informatik, Alexanderstr. 10, D-64283 Darmstadt
* Tel. +49-6151-16-6628, Fax +49-6151-16-6036