On Mon, Sep 23, 2002 at 01:49:14PM -0500, Richie Laager wrote:
Did you read my original message from the mailing list archives?
There is a simple workaround for the protocol failure, which does
not have the problems of your proposal: whenever someone certifies
someone else's key, then if this key has an expiration time set,
the certification signature should get an expiration time too such
that the signature's validity period extends no longer into the
future than the key's validity period.
How does this help? If a "bad guy" gets the private key, he can
simply resign everyone's key.
If the bad guy gets Alice's private key that has expired, he can renew
Alice's self-signature on the key, but he cannot renew Bob's
certification for Alice's key, which will have expired too according
to my proposal. So no-one will believe it is still Alice's key.
Well, nearly no-one -- I can't speak for Jon :-)
--
Bodo Möller <moeller(_at_)cdc(_dot_)informatik(_dot_)tu-darmstadt(_dot_)de>
PGP http://www.informatik.tu-darmstadt.de/TI/Mitarbeiter/moeller/0x36d2c658.html
* TU Darmstadt, Theoretische Informatik, Alexanderstr. 10, D-64283 Darmstadt
* Tel. +49-6151-16-6628, Fax +49-6151-16-6036