
Re: draft-ietf-openpgp-rfc2440bis-06.txt

2002-09-24 09:13:43


Bodo Moeller wrote:
> Of course the one problem we cannot avoid is that the legitimate owner
> of the key cannot keep the key alive indefinitely.  This is because
> this "problem" is exactly the security feature that me and Florian
> Weimer and Derek Atkins want to have: we don't want the bad guy to be
> able to unexpire the key if he gets hold of the secret key.

so set key expiration in direct key signature. there can be only
one direct key signature. direct key signature is self signature (
so key expiration can be set in it. (though most PGP implementations may
not recognize key expiration in direct key signature....)

Key expiration time

   (4 octet time field)

   The validity period of the key.  This is the number of seconds after
   the key creation time that the key expires.  If this is not present
   or has a value of zero, the key never expires. This is found only on
   a self-signature.
   ^^^^^^^^^^^^^^^^

Notes on Self-Signatures

   A self-signature is a binding signature made by the key the
   signature refers to. There are three types of self-signatures, the
   certification signatures (types 0x10-0x13), the direct-key signature
   (type 0x1f), and the subkey binding signature (type 0x18).

 ^----PGP 2.6.3ia-multi06 (supports IDEA, CAST5, BLOWFISH, TWOFISH,
      AES, 3DES ciphers and MD5, SHA1, RIPEMD160, SHA2 hashes)
Version: Netscape PGP half-Plugin 0.15 by Disastry / PGPsdk v1.7.1
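
The rule quoted in the message above, as an added example that is not part of the original post or of any PGP implementation: it reads the key expiration time from the hashed subpacket area of a signature and honours it only on a self-signature. Assumptions: the subpacket type number (9) and the length encoding come from the RFC 2440 subpacket format rather than from the post, the signature is assumed to be already verified, and the function names and sample bytes are constructed for illustration.

```python
import struct

# Signature types the quoted draft text lists as self-signatures.
SELF_SIG_TYPES = {0x10, 0x11, 0x12, 0x13, 0x18, 0x1F}
KEY_EXPIRATION = 9  # subpacket type number from RFC 2440 (not stated in the post)

def iter_subpackets(area):
    """Yield (type, body) for each subpacket in a signature subpacket area."""
    i = 0
    while i < len(area):
        first = area[i]
        if first < 192:                      # one-octet length
            length, i = first, i + 1
        elif first < 255:                    # two-octet length
            if i + 2 > len(area):
                raise ValueError("truncated subpacket length")
            length, i = ((first - 192) << 8) + area[i + 1] + 192, i + 2
        else:                                # five-octet length
            if i + 5 > len(area):
                raise ValueError("truncated subpacket length")
            length, i = struct.unpack(">I", area[i + 1:i + 5])[0], i + 5
        if length == 0 or i + length > len(area):
            raise ValueError("malformed subpacket")
        yield area[i] & 0x7F, area[i + 1:i + length]   # mask off the critical bit
        i += length

def key_expiry(key_created, sig_type, made_by_key_itself, hashed_area):
    """Return the key's expiry as Unix time, or None if this signature sets none."""
    if not made_by_key_itself or sig_type not in SELF_SIG_TYPES:
        return None                          # only a self-signature may carry it
    for sp_type, body in iter_subpackets(hashed_area):
        if sp_type == KEY_EXPIRATION:
            if len(body) != 4:
                raise ValueError("key expiration time must be 4 octets")
            seconds = struct.unpack(">I", body)[0]
            return key_created + seconds if seconds else None  # zero: never expires
    return None                              # absent: never expires

def subpacket(sp_type, body):
    """Build a short subpacket (constructed sample data only)."""
    return bytes([len(body) + 1, sp_type]) + body

# Constructed sample: hashed area of a direct-key signature (type 0x1f).
CREATED = 1000000000
SAMPLE = subpacket(2, struct.pack(">I", CREATED)) + subpacket(9, struct.pack(">I", 31536000))

if __name__ == "__main__":
    print(key_expiry(CREATED, 0x1F, True, SAMPLE))
```

Only the hashed area is passed in because unhashed subpackets are not covered by the signature and can be altered without invalidating it.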