ietf-openpgp

Re: [openpgp] Fingerprints

2015-04-27 10:03:50
On Mon, 2015-04-27 at 10:24 -0400, Derek Atkins wrote: 
It's not part of the v4 keys, and I can't recall a section which makes
the key exp sig subpacket mandatory.
I read 4880 again and I'm afraid I was wrong and you are correct; the
key expiration was removed in v4 keys.
No worries :) 


Having the subpacket mandatory doesn't help, because the self-sig can
always be reissued.
Sure... I meant the key packet shouldn't be designed in such a way that
"absence" of the expiration time field is interpreted as "infinite".
That one zero field doesn't harm and I think it's generally better to
explicitly store things.


Anyway, the idea for making it mandatory has less to do with the
immutable vs. mutable question... it's rather based on the idea that we
should IMHO try to strengthen and clarify the whole message format.
E.g. I think we should convert the critical-bit to be a non-critical
bit. e.g. everything is considered critical unless explicitly specified
not to be.

With it being in the self-sig there is no way to make it immutable.  I
could take the top-level key packet and create a new self-sig on it with
a different key-expiration subpacket.  All other signatures on the key
will remain valid (because they don't include the self-sig), and the key
fingerprint won't change (because it doesn't include the selfsig, either).
Sure... that's what I've been trying to write for some days now :-)
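
The point discussed in this message, as an added example that is not part of the original thread: under RFC 4880 a v4 fingerprint is SHA-1 over the framed public-key packet only, while the key expiration time lives in a hashed subpacket of the self-signature, so reissuing the self-signature with a different expiration leaves the fingerprint untouched. The function names and all sample values (creation time, stand-in modulus, User ID) are constructed for illustration.

```python
import hashlib
import struct

def mpi(n: int) -> bytes:
    # OpenPGP MPI: 2-octet bit count, then the big-endian magnitude
    return struct.pack(">H", n.bit_length()) + n.to_bytes((n.bit_length() + 7) // 8, "big")

def v4_rsa_key_body(created: int, n: int, e: int) -> bytes:
    # version 4 | creation time | algorithm 1 (RSA) | MPIs -- no expiration field
    return bytes([4]) + struct.pack(">I", created) + bytes([1]) + mpi(n) + mpi(e)

def framed_key(body: bytes) -> bytes:
    # 0x99 | 2-octet length | body: the form hashed for fingerprints and signatures
    return b"\x99" + struct.pack(">H", len(body)) + body

def v4_fingerprint(body: bytes) -> str:
    return hashlib.sha1(framed_key(body)).hexdigest().upper()

def subpacket(sp_type: int, seconds: int) -> bytes:
    # length octet (type + 4 data octets) | type | 4-octet time value
    return bytes([5, sp_type]) + struct.pack(">I", seconds)

def selfsig_digest(body: bytes, user_id: bytes, sig_created: int, expires_after: int) -> str:
    # Data a v4 positive certification (type 0x13, RSA, SHA-256) is computed over.
    # Hashed subpackets: signature creation time (2), key expiration time (9).
    hashed_sp = subpacket(2, sig_created) + subpacket(9, expires_after)
    hashed = bytes([4, 0x13, 1, 8]) + struct.pack(">H", len(hashed_sp)) + hashed_sp
    trailer = b"\x04\xff" + struct.pack(">I", len(hashed))
    uid = b"\xb4" + struct.pack(">I", len(user_id)) + user_id
    return hashlib.sha256(framed_key(body) + uid + hashed + trailer).hexdigest()

# Constructed sample values; N is a stand-in modulus, not a real RSA key.
CREATED = 1430000000
N = (1 << 2047) | 0x10001
E = 65537
UID = b"Test User <test@example.org>"
ONE_YEAR, TEN_YEARS = 365 * 86400, 3650 * 86400

def demo() -> dict:
    body = v4_rsa_key_body(CREATED, N, E)
    return {
        "fingerprint": v4_fingerprint(body),
        "selfsig_1y": selfsig_digest(body, UID, CREATED, ONE_YEAR),
        "selfsig_10y": selfsig_digest(body, UID, CREATED + 60, TEN_YEARS),
        "fingerprint_new_ctime": v4_fingerprint(v4_rsa_key_body(CREATED + 1, N, E)),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The two self-signature digests differ while the fingerprint is computed once from the key body alone; only a change inside the key packet, such as the creation time, produces a different fingerprint.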

