-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
-----Original Message-----
From: Bodo Moeller
[mailto:moeller(_at_)cdc(_dot_)informatik(_dot_)tu-darmstadt(_dot_)de]
Sent: Monday, September 23, 2002 1:03 PM
To: Richie Laager
Cc: 'Derek Atkins'; 'Jon Callas'; 'OpenPGP'
Subject: Re: draft-ietf-openpgp-rfc2440bis-06.txt
On Mon, Sep 23, 2002 at 12:48:16PM -0500, Richie Laager wrote:
Yes he can -- this is exactly the problem [1] that I want to
solve with my suggested change to the specification. The way
Jon wants to use key expiration, the bad guy can keep the key
alive
indefinitely. I call this a protocol failure, he calls it a
feature.
I've been following this thread somewhat, and I have the
following suggestion: [...]
Did you read my original message from the mailing list archives?
There is a simple workaround for the protocol failure, which does
not have the problems of your proposal: whenever someone certifies
someone else's key, then if this key has an expiration time set,
the certification signature should get an expiration time too such
that the signature's validity period extends no longer into the
future than the key's validity period.
How does this help? If a "bad guy" gets the private key, he can
simply resign everyone's key.
Richie
-----BEGIN PGP SIGNATURE-----
Version: PGP 7.0.4
iQA/AwUBPY9iKm31OrleHxvOEQIFggCfYsFDQBW0Y76iV0j8ydzI/Ct2ZkEAoNCD
4+CEOfmM9vpCRaphkQDdQpFv
=lWxk
-----END PGP SIGNATURE-----