ietf-openpgp

Re: Hard expiration dates (was: I-D ACTION:draft-ietf-openpgp-rfc2440bis-07.txt)

2003-03-23 00:00:04

On 3/22/03 4:23 AM, "Adrian 'Dagurashibanipal' von Bidder"
<avbidder(_at_)fortytwo(_dot_)ch> wrote:

> Not having read all the references, I could be wrong. But IIRC the
> really hard thing about v3 expiration date was that changing the
> expiration date would also change the key fingerprint (and keyid?). So,
> even when the adversary comes to possess the secret key he can't
> unexpire the key.

The V3 fingerprint is computed by the MD5 hash of the two RSA MPIs (sans
lengths). So no, it wouldn't change the fingerprint.

The V4 fingerprint *includes* the creation time of the key, which is, in most
people's opinion, a flaw. We were considering a V5 format to change that at
one time.

    Jon
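
The two fingerprint computations discussed in this message, as an added example that is not part of the original post: it builds V3 and V4 RSA public-key packet bodies in the RFC 2440 layout and fingerprints them, so the effect of changing the validity period or the creation time can be compared. The modulus, exponent and timestamps are constructed sample values, not a real key.

```python
import hashlib
import struct

def mpi(value: int) -> bytes:
    """Encode an OpenPGP MPI: 2-byte bit length, then big-endian magnitude."""
    bits = value.bit_length()
    return struct.pack(">H", bits) + value.to_bytes((bits + 7) // 8, "big")

def read_mpi(buf: bytes, off: int):
    """Return (magnitude bytes without the length prefix, next offset)."""
    (bits,) = struct.unpack_from(">H", buf, off)
    end = off + 2 + (bits + 7) // 8
    if end > len(buf):
        raise ValueError("truncated MPI")
    return buf[off + 2:end], end

def v3_key_body(n, e, created, valid_days):
    # version 3 | creation time | validity in days (0 = never) | algo 1 = RSA
    return struct.pack(">BIHB", 3, created, valid_days, 1) + mpi(n) + mpi(e)

def v4_key_body(n, e, created):
    # version 4 | creation time | algo 1 = RSA; no expiration field in the key packet
    return struct.pack(">BIB", 4, created, 1) + mpi(n) + mpi(e)

def fingerprint(body: bytes) -> str:
    if body[0] == 3:
        # V3: MD5 over the two MPI magnitudes only; the 8 header bytes
        # (version, creation time, validity, algorithm) are skipped.
        n, off = read_mpi(body, 8)
        e, _ = read_mpi(body, off)
        return hashlib.md5(n + e).hexdigest()
    if body[0] == 4:
        # V4: SHA-1 over 0x99, 2-byte body length, and the whole body,
        # so the creation time is part of the hashed data.
        framed = b"\x99" + struct.pack(">H", len(body)) + body
        return hashlib.sha1(framed).hexdigest()
    raise ValueError("unsupported key version")

# Constructed sample values, not a real key.
N = (1 << 1023) | 0xC0FFEE0123456789
E = 65537

if __name__ == "__main__":
    for created, days in [(1048291200, 0), (1048291200, 365), (1000000000, 365)]:
        print("v3", created, days, fingerprint(v3_key_body(N, E, created, days)))
    for created in (1048291200, 1000000000):
        print("v4", created, fingerprint(v4_key_body(N, E, created)))
```

All three V3 lines print the same fingerprint, while the two V4 lines differ because only the creation time changed.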