On Tue, May 30, 2000 at 03:58:57PM -0700, hal(_at_)finney(_dot_)org wrote:
Paul Koning writes, quoting Len Sassaman:
Eh? If you sign my key, and then your *key* expires, your
signature is still included in validity calculations for my
key. Even after your key expires. (However, you had to sign my key
prior to the expiration of yours).
Agreed; that's what I meant. (Checking the signature requires a key
that was good at the time that signature was created. It's the
signature that is being verified, and the date of that signature is
what matters.)
The problem is that we don't have a mechanism for securely timestamping
signatures. If someone breaks or steals an expired key, they can create
a back-dated signature with it.
In my opinion it is risky to rely on a signature by an expired key.
Possibly, but ignoring keys on the grounds that they are expired does
not buy you much because of the expiry date protocol failure in the
OpenPGP key format. I've brought this up some time ago on this
mailing list, here's a reminder:
In the old PGP key format, key certification covers the expiration
time, and all is well. (The validity period [key creation time and key
expiration time] is part of the version 3 public key packet.)
However, in the current OpenPGP key format, the key expiration time is
covered only by self-signatures. (A version 4 public key packet
cannot specify a validity period. The key validity period is in the
signature packet instead.) Thus, if someone breaks or steals an
expired OpenPGP key, they can renew it, and the old certificates will
remain valid for the key with extended validity period or unlimited
validity.
Fix: Always include a signature expiration time when certifying a key
that has a key expiration date in its self-signature; the time must be
chosen such that the certificate's validity does not extend further
into the future than the key's validity.
The bottom line is that if you don't want to rely on signatures by
expired keys, then you cannot rely on any certificates that don't
contain a signature expiration time (unless the certified key
is in a version 3 public key packet).
--
Bodo Möller <moeller(_at_)cdc(_dot_)informatik(_dot_)tu-darmstadt(_dot_)de>
PGP http://www.informatik.tu-darmstadt.de/TI/Mitarbeiter/moeller/0x36d2c658.html
* TU Darmstadt, Theoretische Informatik, Alexanderstr. 10, D-64283 Darmstadt
* Tel. +49-6151-16-6628, Fax +49-6151-16-6036