ietf-openpgp
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Problems with v4 key packet format

2005-09-21 15:05:15
from ["Hal Finney"] [Permanent Link] 

Daniel Nagy writes:

On Wed, Sep 21, 2005 at 09:52:33AM -0700, "Hal Finney" wrote:

I would like to see immutable material put there.  One thing that bothers
me in the current V4 is that the key's expiration date can be changed by
updating the self-signature.  Suppose your key has expired and you don't
use it any more.  As a result perhaps you don't protect it that well.
If someone gets hold of the private part, they can issue a new self-sig
with a new expiration date and bring this dead key back to life.  It would
be better if a dead key would stay dead.  Expiration date and creation
date would be better placed in the key packet, IMO (as they were with
V3 keys).


Careful! If this information is not part of the fingerprint/keyID it can
still be changed by updating the self-signature, no matter whether it's in
thte signature packet or in the key packet.


Not exactly, the self-signature would not (by convention) override the
information in the key subpackets.  So just issuing a new self-signature
would not help.

What could happen is that someone who got hold of the private material
could create a new key packet with the same keyid/fingerprint but with
a different expiration date.  But(!) the new key would not inherit the
signatures on the old key.  That is what I was thinking of as important.
It would not be valid, it would not be part of the Web of Trust.
The idea is that key signatures would cover all of the subpackets,
even though fingerprints do not.


David's idea with sub-packets should be implemented in such a way that
hashed sub-packets are part of the fingerprint. Maybe, we don't even need
unhashed sub-packets.

If you're importing a foreign key or generating one on the fly, you don't
put subpackets into the key that cannot be determined next time you use the
same source to get the key. A flag in a subpacket indicating where the key
comes from might be useful, though.


This is a good point, I'll have to think about it.  I'm still not
sure that covering this material with key fingerprints and keyids is
the right thing to do.  What would the security threats be from being
able to bring a key back to life with the same fingerprint and keyid,
but without any signatures on it being valid?

Hal Finney
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Some thoughts on a v5 key and why it shouldn't be a mess (fwd), Daniel A. Nagy
Next by Date:  Re: Problems with v4 key packet format, David Shaw
Previous by Thread:  Re: Problems with v4 key packet format, David Shaw
Next by Thread:  Re: Problems with v4 key packet format, David Shaw
Indexes:  [Date] [Thread] [Top] [All Lists]