ietf-openpgp
[Top] [All Lists]

Re: Behavior of implementations regarding certain key material

2000-05-31 09:56:33
Lutz writes:
* hal(_at_)finney(_dot_)org wrote:
PGP versions 5.0 and later do not use expired keys in trust calculations.

Bad choice.

Yet I explained our reasoning in making this choice, and you appeared to
basically agree:

The problem is that we don't have a mechanism for securely timestamping
signatures.

There are techniques to do so (eternity log, ...) but they are
contraproductive on signature generation. Timestamps are optionally on
reception. In most cases they are generated implicit by starting an
business action.

If someone breaks or steals an expired key, they can create a back-dated
signature with it.

German politics generated a (not required) appendix to the law, prohibitting
specifically to back-date a computer while signing a document. So I can not
happen. :-)

Since the techniques to timestamp messages aren't implemented in our
protocol, and since the German law is obviously useless, it should
be clear that the timestamp on a signature is largely meaningless for
security purposes.  Hence comparing that against the expiration time of
the key is not a secure approach.  The method used in PGP is safer.

Hal