ietf-openpgp

Re: [openpgp] details of 4880bis work

2015-04-15 19:39:49
On Wed, 2015-04-15 at 14:01 -0700, Jon Callas wrote:
> There was also a mention somewhere of removing the timestamp from the
> fingerprint, and that's what I really want to comment on.
> When 2440 started, removing the timestamp was one of the things I
> wanted to do. However, it's not such a bad thing. If you make a
> fingerprint merely be a function of the key (it has no variable data),
> then you lose the ability to alias the key, which is actually useful.

I think the main problem with the valid from/through dates not being a
part of the fingerprint is the following:

A user may intentionally want to limit his key for security reasons,
e.g. he makes a 1024-bit key and wants to make sure that no one is
using/trusting it after two years anymore.

AFAIU, if the dates are not part of the fingerprint this would also mean
that they could be changed any time with a new self sig (including at a
time when the key owner may deem the 1024-bit RSA already no longer
secure enough to be trusted).
Of course one can make a revocation cert, but an attacker could always
try a blocking attack at the keyserver level.

That's why I think that creation and expiration times should be
immutable once the key has been created; at least not without
invalidating all signatures (i.e. those from other users).


An analogous example to the above can easily be made for the starting
time. If an attacker could re-sign a broken key to an earlier date
(without invalidating other signatures) he could also forge signatures
for the time before.


Does that sound reasonable?

Cheers,
Chris.
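
For reference alongside this message, an added example (not part of the original post) that computes a version 4 fingerprint as RFC 4880 defines it, showing that the creation time sits inside the hashed key packet while the expiration time is carried in a self-signature subpacket. The modulus, timestamps and the `make_cert` helper are constructed for illustration.

```python
import hashlib
import struct

def mpi(n: int) -> bytes:
    """OpenPGP MPI: 2-byte bit count, then the big-endian magnitude."""
    return struct.pack(">H", n.bit_length()) + n.to_bytes((n.bit_length() + 7) // 8, "big")

def v4_rsa_key_body(created: int, n: int, e: int) -> bytes:
    """Version 4 public-key packet body: version, creation time, algorithm 1 (RSA), MPIs."""
    return bytes([4]) + struct.pack(">I", created) + bytes([1]) + mpi(n) + mpi(e)

def v4_fingerprint(key_body: bytes) -> str:
    """SHA-1 over 0x99, the 2-byte body length, and the body (RFC 4880, section 12.2)."""
    prefix = b"\x99" + struct.pack(">H", len(key_body))
    return hashlib.sha1(prefix + key_body).hexdigest().upper()

def key_expiration_subpacket(seconds_after_creation: int) -> bytes:
    """Signature subpacket type 9; it lives in a self-signature, not in the key packet."""
    return bytes([5, 9]) + struct.pack(">I", seconds_after_creation)

def make_cert(created: int, n: int, e: int, lifetime: int) -> dict:
    """Hypothetical minimal certificate: key packet body plus one self-sig subpacket."""
    return {"key": v4_rsa_key_body(created, n, e),
            "selfsig_hashed": key_expiration_subpacket(lifetime)}

# Constructed sample values: N is an arbitrary 1024-bit odd integer, not a real RSA modulus.
N = (1 << 1023) | 0xC0FFEE | 1
E = 65537
CREATED = 1400000000                 # constructed creation timestamp
TWO_YEARS = 2 * 365 * 86400

original = make_cert(CREATED, N, E, TWO_YEARS)
# A fresh self-signature with a longer lifetime: the key packet is untouched.
extended = make_cert(CREATED, N, E, 10 * 365 * 86400)
# Same key material with an earlier creation time: the key packet itself changes.
backdated = make_cert(CREATED - TWO_YEARS, N, E, TWO_YEARS)

if __name__ == "__main__":
    for name, cert in (("original", original), ("extended", extended),
                       ("backdated", backdated)):
        print(f"{name:9} {v4_fingerprint(cert['key'])} exp={cert['selfsig_hashed'].hex()}")
```

The first two fingerprints printed are identical and the third differs; third-party certifications are likewise computed over the key packet body, so they follow the creation time but not the expiration subpacket.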
