ietf-openpgp

Re: [openpgp] rfc3880bis - hard expiration time

2015-04-27 09:19:19
Jon,

Jon Callas <jon(_at_)callas(_dot_)org> writes:

> On Apr 21, 2015, at 4:50 AM, Christoph Anton Mitterer
> <calestyo(_at_)scientia(_dot_)net> wrote:


>> On Mon, 2015-04-20 at 23:50 -0700, Jon Callas wrote:
>>> Personally, I think that the present way things are done is
>>> syntactically fine. Semantically, there are many bogosities. You can
>>> time-limit your signature on a key, but no one ever does.
>> As I've explained before, I don't think that this is the same as
>> hardcoding it into the key, as it wouldn't change the fingerprint, would
>> it?!
>
> I read your explanation. I understand it. I just disagree.
>
> I think that hard-expiration is not only a bad idea, but unenforceable.

It was enforceable with V3 keys.  It is, as Christoph pointed out, no
longer enforceable with V4 keys because it was moved out of the Public
Key Packet and into the SelfSig.  :-(

> It's a *good* thing for Alice to be able to update the expiration time
> on her key. It encourages putting a limit on (as opposed to no limit)
> if it can be changed later. It also allows advanced systems to be able
> to do some really cool things with short lived keys.

This is a reason for SelfSigs to expire.  However, if the key itself is
stolen/compromised the attacker could then create an updated SelfSig
with an updated expiration.

If the key itself had an expiration (as it did in v3) then this attack
wouldn't work.  But then it also means Alice would *have* to generate a
new key after the old key expired.  (Or, worst case, Alice would have to
regenerate a new Certificate using the same key parameters and then
obtain all those signatures again).

> And you probably can't prevent it anyway. X.509 syntax people have
> kittens if you reuse a key in certs. And yet a major feature of many
> PKI systems is to "reissue" a cert with a new expiration time, because
> it makes operations much easier for everyone.
>
>       Jon
>
> _______________________________________________
> openpgp mailing list
> openpgp(_at_)ietf(_dot_)org
> https://www.ietf.org/mailman/listinfo/openpgp



-- 
       Derek Atkins                 617-623-3745
       derek(_at_)ihtfp(_dot_)com             www.ihtfp.com
       Computer and Internet Security Consultant
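To make the v3-versus-v4 point above concrete, here is an added illustration in Python; it is not code from this thread or from any OpenPGP implementation. It lays out a v3 and a v4 public-key packet body per RFC 4880 (the v4 body has no expiration field at all), computes the v4 fingerprint over the key packet alone, and parses the Key Expiration Time subpacket (type 9) of a self-signature. The key numbers, the creation time and the two expiration values are constructed for the example and are not a real key. The takeaway for anyone verifying keys: a v4 fingerprint is blind to self-signature data, so whoever can produce self-signatures can move the expiry without the fingerprint or any third-party certification changing, whereas in v3 the validity period was bytes of the key packet itself.

```python
"""Where OpenPGP key expiration lives, v3 packet body vs v4 self-signature.

Added illustration for this thread; not code from the list or from any
OpenPGP implementation. The key numbers are a constructed toy RSA-shaped
pair (NOT a real key), so only the packet layout and fingerprint
arithmetic carry meaning. Layout follows RFC 4880 sections 3.2, 5.2.3.6,
5.5.2 and 12.2.
"""
import hashlib
import struct
from typing import Dict, Optional

TOY_N = 0xC0FFEE_DEAD_BEEF_1234_5678_9ABC_DEF0_1357  # constructed, not a real modulus
TOY_E = 65537
CREATED = 1_429_600_000          # constructed creation time, 2015-04-21 UTC
DAY = 86400


def mpi(value: int) -> bytes:
    """RFC 4880 3.2 multiprecision integer: 2-octet bit count, then big-endian value."""
    bits = value.bit_length()
    return struct.pack(">H", bits) + value.to_bytes((bits + 7) // 8, "big")


def v3_key_body(created: int, validity_days: int, n: int, e: int) -> bytes:
    """Version 3 public-key packet body (deprecated): the 2-octet validity
    period in days is part of the key packet itself, so every signature that
    hashes the key packet also commits to it."""
    return bytes([3]) + struct.pack(">IH", created, validity_days) + bytes([1]) + mpi(n) + mpi(e)


def v4_key_body(created: int, n: int, e: int) -> bytes:
    """Version 4 public-key packet body: version, creation time, algorithm
    (1 = RSA), MPIs. There is no expiration field."""
    return bytes([4]) + struct.pack(">I", created) + bytes([1]) + mpi(n) + mpi(e)


def v4_fingerprint(body: bytes) -> str:
    """RFC 4880 12.2: SHA-1 over 0x99, 2-octet body length, body.
    Only the key packet is hashed; self-signatures are not an input."""
    return hashlib.sha1(b"\x99" + struct.pack(">H", len(body)) + body).hexdigest().upper()


def key_expiration_subpacket(seconds_after_creation: int) -> bytes:
    """Signature subpacket type 9, Key Expiration Time (RFC 4880 5.2.3.6):
    1-octet length (type + 4 data octets = 5), type octet, 4-octet seconds."""
    return bytes([5, 9]) + struct.pack(">I", seconds_after_creation)


def parse_subpackets(area: bytes) -> Dict[int, bytes]:
    """Parse a hashed-subpacket area; handles the 1-octet length form only."""
    out: Dict[int, bytes] = {}
    i = 0
    while i < len(area):
        length = area[i]
        if length >= 192:
            raise ValueError("2- and 5-octet subpacket lengths not handled in this toy")
        out[area[i + 1] & 0x7F] = area[i + 2 : i + 1 + length]  # mask the critical bit
        i += 1 + length
    return out


def effective_expiry(created: int, hashed_subpackets: bytes) -> Optional[int]:
    """Absolute expiry implied by a self-signature's hashed area, or None (never)."""
    sub = parse_subpackets(hashed_subpackets)
    if 9 not in sub:
        return None
    return created + struct.unpack(">I", sub[9])[0]


def demo() -> dict:
    body = v4_key_body(CREATED, TOY_N, TOY_E)
    first = key_expiration_subpacket(365 * DAY)          # original self-sig: one year
    reissued = key_expiration_subpacket(10 * 365 * DAY)  # later self-sig: ten years
    return {
        # Same fingerprint whichever self-signature is attached: the v4
        # fingerprint never sees subpacket data.
        "fingerprint": v4_fingerprint(body),
        "expiry_first": effective_expiry(CREATED, first),
        "expiry_reissued": effective_expiry(CREATED, reissued),
        # In v3 the validity lived in the key packet, so changing it changes
        # the bytes every certification was computed over.
        "v3_validity_in_packet": v3_key_body(CREATED, 365, TOY_N, TOY_E)[5:7],
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(k, v)
```

A verifier that honours the most recent self-signature (as RFC 4880 directs) will therefore report `expiry_reissued`, not `expiry_first`, and nothing in the fingerprint distinguishes the two states; that is exactly why Derek calls v4 hard expiration unenforceable once the private key is in the wrong hands.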

