ietf-openpgp
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Hard expiration dates (was: I-D ACTION:draft-ietf-openpgp-rfc2440bis-07.txt)

2003-03-21 17:14:57
from [David Shaw] [Permanent Link] 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Thu, Mar 06, 2003 at 03:53:30PM +0100, Bodo Moeller wrote:


What about appending a new section after 5.2.3.3 as follows to ensure
that there is a way to express key expiry such that keys cannot be
un-expired by attackers later (see the threads at
     http://www.imc.org/ietf-openpgp/mail-archive/msg02374.html
     http://www.imc.org/ietf-openpgp/mail-archive/msg02848.html
     http://www.imc.org/ietf-openpgp/mail-archive/msg03693.html
and finally
     http://www.imc.org/ietf-openpgp/mail-archive/msg04220.html


I've read all this, and I believe I understand what you are trying to
do: get back the "hard" expiration date that v3 keys had, rather than
the "soft" expiration date of v4 keys.  However, while the suggested
fix results in something closer to a hard expiration date, it is not
as hard as the original v3 expiration date since the expiration date
still vulnerable to manipulation if an attacker can influence the key
distribution channel.  This attack is not possible with the v3
expiration system.

I'm not proposing this as something for 2440bis, but I'm curious why
you aren't proposing a v5 key format with the expiration date in the
key packet as it was in v3 keys?  This would seem to give the best of
all worlds - the "hard" expiration date in the key packet is truly
hard, and if the hard expiration date is not used, then the same
"soft" expiration date from the self-signature that is in use now can
be used.  (Incidentally, this is how GnuPG handles expiration on v3
keys with v4 self-sigs.)

Whether the direct-key signature solution or the v5 key solution is
used, it will take some new code written and released to handle it, so
why not use the more rigorous solution?

Again, I'm not suggesting v5 keys for 2440bis.  I'm sure there are
other things that people would want for a v5 key format aside from
hard expiration dates.

David
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2rc1 (GNU/Linux)
Comment: http://www.jabberwocky.com/david/keys.asc

iD8DBQE+e6r+4mZch0nhy8kRAn3TAJ9psS+ib9tmFvw/MvAz+OgIHZoGPgCeMI3m
54Uo9J0NE60TVSjeD+vtrCU=
=0hBz
-----END PGP SIGNATURE-----
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: OpenPGP.org and GnuPG, Mike Markowitz
Next by Date:  Re: Hard expiration dates (was: I-D ACTION:draft-ietf-openpgp-rfc2440bis-07.txt), Bodo Moeller
Previous by Thread:  Re: I-D ACTION:draft-ietf-openpgp-rfc2440bis-07.txt, Bodo Moeller
Next by Thread:  Re: Hard expiration dates (was: I-D ACTION:draft-ietf-openpgp-rfc2440bis-07.txt), Bodo Moeller
Indexes:  [Date] [Thread] [Top] [All Lists]