ietf-openpgp

Re: [openpgp] rfc3880bis - hard expiration time

2015-04-23 11:12:08
On Thu, 2015-04-23 at 11:48 -0400, Derek Atkins wrote: 
> No, it would not, which is IMHO the right thing.
>
> I.e., IMNSHO I feel you should expire your key by expiring your
> self-signature on the key.  If you want to extend your key then you
> re-sign it with a new self-signature.

Well, but then it's useless to make the key as a whole expirable.

And as I outlined before, this destroys the use case that a user wants to
limit the usability of his key, regardless of whether e.g. old signature
algos would be broken or his key compromised.

If that's only in the selfsig *without* invalidating the other
signatures, then an attacker could try a downgrade attack and e.g. forge
the selfsig with weaker algos... or more likely... simply create a new
selfsig when the key was compromised.

If the fingerprint and other users' signatures wouldn't invalidate them,
all the attacker needs to do is block the revocation (if any).


Therefore, it should be mandatory that both the valid-from and valid-to
times are encoded in such a way that changing them would render all
other signatures invalid and would change the FP.
(Of course it should be possible to specify an infinite expiration
time.)


Cheers,
Chri
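
Added example, not part of the message above: a sketch of what RFC 4880 v4 fingerprints and third-party certifications actually hash, showing that the expiration lives only in a self-signature subpacket and so can change without touching either. The key values are constructed, and bound_fingerprint is a hypothetical illustration of the binding the message asks for, not a scheme from any draft.

```python
import hashlib
import struct

def mpi(n: int) -> bytes:
    """OpenPGP MPI: 2-byte bit count, then the big-endian magnitude."""
    return struct.pack(">H", n.bit_length()) + n.to_bytes((n.bit_length() + 7) // 8, "big")

def v4_key_body(created: int, n: int, e: int) -> bytes:
    """RFC 4880 v4 RSA public-key packet body: version, creation time, algorithm, MPIs."""
    return bytes([4]) + struct.pack(">I", created) + bytes([1]) + mpi(n) + mpi(e)

def key_prefix(body: bytes) -> bytes:
    """Key material as hashed for fingerprints and certifications: 0x99, length, body."""
    return b"\x99" + struct.pack(">H", len(body)) + body

def v4_fingerprint(body: bytes) -> str:
    return hashlib.sha1(key_prefix(body)).hexdigest()

def certified_data(body: bytes, user_id: bytes) -> bytes:
    """Key and User ID input to a v4 certification (the signature's own trailer follows)."""
    return key_prefix(body) + b"\xb4" + struct.pack(">I", len(user_id)) + user_id

def key_expiration_subpacket(seconds_after_creation: int) -> bytes:
    """Self-signature subpacket type 9: length octet, type octet, 4-byte lifetime."""
    return bytes([5, 9]) + struct.pack(">I", seconds_after_creation)

def bound_fingerprint(body: bytes, valid_to: int) -> str:
    """Hypothetical scheme from the message: hash the expiry with the key (0 = never)."""
    return hashlib.sha256(key_prefix(body) + struct.pack(">I", valid_to)).hexdigest()

# Constructed sample values, not a real key.
CREATED = 1429787528
N = (1 << 2047) | 0x10001
E = 65537
BODY = v4_key_body(CREATED, N, E)

if __name__ == "__main__":
    print("v4 fingerprint:", v4_fingerprint(BODY))
    for days in (365, 3650):
        sub = key_expiration_subpacket(days * 86400)
        # The subpacket changes, but neither the fingerprint nor the data a
        # third-party certification hashes depends on it.
        print(days, "days:", sub.hex(), v4_fingerprint(BODY),
              hashlib.sha1(certified_data(BODY, b"Alice <alice@example.org>")).hexdigest())
        print("  bound:", bound_fingerprint(BODY, CREATED + days * 86400))
```

Only the creation time is inside the hashed key packet, so a replacement self-signature with a later expiry leaves the v4 fingerprint and existing certifications unchanged, while the hypothetical bound form yields a different identifier for each expiry.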
