-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
You still can say shut up and go away ;-)
On the contrary, I think you should start discussing things here and
start writing drafts.
You might also want to require the critical bit to be set on those
packets, although that will impair interoperability.
What do you mean with this? Require it by the RFC?
No, the critical bit means that you want an operation to be 100%
correct or to fail. If there is any doubt in anyone's mind, you want
the system to halt with an unrecoverable error.
Hal points out that this will mar interoperability.
4) In chapter 5.2.3.3 it is explicitly allowed that the key expiration
time is reset by a user (of course this cannot be prevented as the key
expiration time is no longer part of the key itself). Isn't this
possibility comparable to revoking a revocation?
I mean the creator states: "This key SHOULD NOT be used after <key
expiration>." for example because he thinks an RSA786 key SHOULD no
longer be used in 10 years. An attacker might simply revoke this
(implicit) revocation by issuing a new self-signature with an updated
date.
If the attacker got the private key.
What was the reason that the key expiration time was taken out of the
key itself (I think it was there before?)?
Because in PGP 3, a number of attributes were moved to the self-sigs
with the thought that you might have a key with different user ids and
different features. For example, I might have a user id in which a
cipher is allowed, and one in which it is not. You might also want to
have different expirations on those user ids.
Well, this would be great... I mean the current MAIN implementations of
OpenPGP are probably GnuPG and PGP. I think David and Werner, who
represent GnuPG, are reading this list, and you, are you still at PGP
Corporation?
Yes.
Best wishes,
Peter
To you too! It's nice to see enthusiastic new blood.
Jon
-----BEGIN PGP SIGNATURE-----
Version: PGP Universal 2.6.3
Charset: US-ASCII
wj8DBQFJgfeksTedWZOD3gYRAmLQAKChmG6pgdkCdkZDIslxMEUupmLCQACgxAQj
H8YuyCyhFF697rSGw40BBBQ=
=+IVy
-----END PGP SIGNATURE-----
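
Added example (not part of the original message, and not code from PGP or GnuPG): a minimal Python parser for a signature subpacket area, showing what the critical bit demands of an implementation and how a newer self-signature changes the effective key expiration. It assumes the self-signatures were already cryptographically verified and that multiple self-signatures are resolved by taking the most recent one, as RFC 4880 recommends; the function names and sample values are constructed for illustration.

```python
import struct

SIG_CREATION_TIME = 2     # RFC 4880 signature subpacket type
KEY_EXPIRATION_TIME = 9   # RFC 4880: seconds after key creation
KNOWN = {SIG_CREATION_TIME, KEY_EXPIRATION_TIME}  # all this toy parser understands

class CriticalSubpacketError(ValueError):
    """An unknown subpacket had the critical bit set: reject the signature."""

def u32(b: bytes) -> int:
    return struct.unpack(">I", b)[0]

def parse_subpackets(area: bytes) -> dict:
    """Parse a signature subpacket area into {type: body}."""
    out, i = {}, 0
    try:
        while i < len(area):
            first = area[i]
            if first < 192:                    # one-octet length
                length, i = first, i + 1
            elif first < 255:                  # two-octet length
                length, i = ((first - 192) << 8) + area[i + 1] + 192, i + 2
            else:                              # five-octet length
                length, i = u32(area[i + 1:i + 5]), i + 5
            if length < 1 or i + length > len(area):
                raise ValueError("truncated subpacket")
            critical, sp_type = bool(area[i] & 0x80), area[i] & 0x7F
            if sp_type in KNOWN:
                out[sp_type] = area[i + 1:i + length]
            elif critical:                     # fail hard, as the critical bit asks
                raise CriticalSubpacketError(f"unknown critical subpacket {sp_type}")
            i += length                        # unknown and non-critical: skipped
    except (IndexError, struct.error):
        raise ValueError("truncated subpacket length") from None
    return out

def effective_expiry(key_created: int, self_sig_areas: list):
    """Unix expiry time from the newest self-signature, or None if it never expires."""
    newest = max((parse_subpackets(a) for a in self_sig_areas),
                 key=lambda p: u32(p.get(SIG_CREATION_TIME, b"\0" * 4)))
    delta = u32(newest.get(KEY_EXPIRATION_TIME, b"\0" * 4))
    return key_created + delta if delta else None

def sp(sp_type: int, value: bytes, critical: bool = False) -> bytes:
    """Build one subpacket (constructed sample data, short bodies only)."""
    return bytes([len(value) + 1, sp_type | (0x80 if critical else 0)]) + value

# Constructed sample: two self-signatures on a key created at t = 1_000_000_000.
OLD = sp(2, struct.pack(">I", 1_000_000_000)) + sp(9, struct.pack(">I", 31_536_000), True)
NEW = sp(2, struct.pack(">I", 1_100_000_000)) + sp(9, struct.pack(">I", 315_360_000), True)
```

With only `OLD` present the key expires one year after creation; once `NEW` is added the later self-signature takes priority and the expiry moves out to ten years, which is the reset discussed in the thread.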