hal(_at_)finney(_dot_)org writes:
> The purpose of Alice's signature was to identify Bob, not to say that
> he is trustworthy. I am the one who made that latter determination.
> Given that Alice at one time certified Bob's identity, the fact that her
> certification has expired doesn't change the fact that I still trust him.

If a certification grants access to some resource, access should
certainly be denied if the certification expires. (Perhaps this is a
bad example, because this is quite easy to enforce during
implementation because it only affects the "server" side, not the
"client" side, where many OpenPGP implementations might coexist, while
there's only one server protecting that specific resource.)

A better example: the CA of an organization signs the public key of
one of its members, knowing the member will perhaps leave the
organization in, say, 6 months. So the CA lets the signature expire
in 6 months. (If he's still around at that time, his key will get
just another certificate.) According to the CA policy, a key
certification implies the statement that the key owner is a member of
said organization. If the signature expires and doesn't become
invalid automatically, the CA still has to issue a revocation
certificate to ensure that it's really invalid on all clients. If the
organization has got a considerable member fluctuation, this will
result in a quickly growing certificate revocation list (CRL) which
mainly contains redundant information (the signatures are expired
anyway).

> In at least some cases, then, it might be reasonable to continue to use
> expired signatures in trust calculation.

But the user has to be notified that an expired signature was involved
at some point. I don't think it's a good idea to hide this fact. On the
other hand, the user should be able to verify a signature which was
made some time ago, and some links in the chain of trust to the
signing key have expired since. (Internally, we call this the
"time-travel" feature.) If the user trusts the signer not to issue
bogus signatures, this feature is very helpful, even though OpenPGP
doesn't provide safe timestamps.

I think we can agree that the decision whether expired certificates
should be part of validity calculations or not cannot be decided
mechanically. Since the message format specification shouldn't assume
interactive implementations, we have to make a decision here. My
instincts say the safe alternative (i.e. expired certificates are
ignored) should be chosen. (And our CRL wouldn't grow as fast as it
would without this additional requirement. ;)

--
Florian Weimer
Florian(_dot_)Weimer(_at_)RUS(_dot_)Uni-Stuttgart(_dot_)DE
University of Stuttgart http://cert.uni-stuttgart.de/
RUS-CERT +49-711-685-5973/fax +49-711-685-5898
http://ca.uni-stuttgart.de:11371/pks/lookup?op=get&search=0xC06EC3B5
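An added illustration of the two policies discussed in the message above (this is example code written for this page, not code from the OpenPGP working group or any implementation): a toy validity calculation in which the "safe alternative" ignores expired certifications, the opposite policy keeps them counting until the CA issues a revocation, and the "time-travel" check evaluates the chain at signing time while still telling the user that a link has expired since. The `Certification` record, the six-month/100-day/one-year timeline and the names `CA` and `bob` are constructed for the example.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Certification:
    # Stand-in for an OpenPGP certification signature (no packet parsing here).
    signer: str
    subject: str
    created: int            # Unix time the certification was made
    expires: Optional[int]  # Unix time it expires, or None for never
    revoked: bool = False   # a revocation certificate was issued

def cert_state(cert: Certification, at: int) -> str:
    """State of one certification as seen at time `at`."""
    if cert.revoked:
        return "revoked"
    if cert.created > at:
        return "future"
    if cert.expires is not None and cert.expires <= at:
        return "expired"
    return "valid"

def key_validity(key, certs, trusted, at, honor_expired=False):
    """Return (valid, notices) for `key` at `at`: valid if a trusted signer's
    certification is in force.  honor_expired=False is the 'safe alternative'
    (expired certifications are ignored, so the CA need not revoke them);
    True keeps them counting until revoked.  Both cases fill `notices`."""
    valid, notices = False, []
    for c in certs:
        if c.subject != key or c.signer not in trusted:
            continue
        state = cert_state(c, at)
        if state == "valid" or (state == "expired" and honor_expired):
            valid = True
        if state in ("expired", "revoked"):
            notices.append(f"{c.signer} -> {key}: certification {state}")
    return valid, notices

def verify_time_travel(signer_key, signed_at, certs, trusted, now):
    """'Time-travel' check: evaluate the chain at signing time (an old signature
    still verifies) and at `now` (the user is told a link has since expired)."""
    ok_then, n1 = key_validity(signer_key, certs, trusted, signed_at)
    ok_now, n2 = key_validity(signer_key, certs, trusted, now)
    return ok_then, ok_now, n1 + n2

# Constructed scenario from the thread: the CA certifies Bob's key for six
# months (180 days here); Bob signs after 100 days; we verify a year later.
DAY = 86400
CERTS = [Certification("CA", "bob", created=0, expires=180 * DAY)]
TRUSTED = {"CA"}
```

With the safe policy the message signed on day 100 still verifies a year later, but the key is no longer valid for new signatures and the user sees the expiry notice; only under the other policy does the CA have to revoke to get the same effect.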