ietf-openpgp
[Top] [All Lists]

Re: Series of minor questions about OpenPGP 4

2009-01-29 14:58:12

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


You still can say shut up and go away ;-)

On the contrary, I think you should start discussing things here and  
start writing drafts.

You
might also want to require the critical bit to be set on those  
packets,
although that will impair interoperability.
What do you mean with this? Require it by the RFC?

No, the critical bit means that you want an operation to be 100%  
correct or to fail. If there is any doubt in anyone's mind, you want  
the system to halt with an unrecoverable error.

Hal points out that this will mar interoperability.


4) In chapter 5.2.3.3 it is explicitly allowed that the key  
expiration
time is reset by a user (of course this cannot be prevented as the  
key
expiration time is no longer part of the key itself). Isn't this
possibility comparable to revoke a revocation?
I mean the creators states: "This key SHOULD NOT be used after <key
expiration>." for example because he thinks an RSA786 key SHOULD no
longer be used in 10 years. An attacker might simply revoke this
(implicit) revocation by issuing a new self-signature with an  
updated
date.
If the attacker got the private key.
What was the reason that the key expiration time was taken out of the
key itself (I think it was there before?)?

Because in PGP 3, a number of attributes were moved to the self-sigs  
with the thought that you might have a key with different user ids and  
different features. For example, I might have a user id in which a  
cipher is allowed, and one in which it is not. You might also want to  
have different expirations on those user ids.


Well this would be great,.. I mean the current MAIN implementations of
OpenPGP are probably GnuPG and PGP. I think David and Werner who
represent GnuPG are reading this list and you, are you still at PGP
Corporation?

Yes.


Best wishes,
Peter


To you too! It's nice to see enthusiastic new blood.

        Jon


-----BEGIN PGP SIGNATURE-----
Version: PGP Universal 2.6.3
Charset: US-ASCII

wj8DBQFJgfeksTedWZOD3gYRAmLQAKChmG6pgdkCdkZDIslxMEUupmLCQACgxAQj
H8YuyCyhFF697rSGw40BBBQ=
=+IVy
-----END PGP SIGNATURE-----