ietf-openpgp

Re: [openpgp] rfc3880bis - hard expiration time

2015-04-27 19:43:35
I read your explanation. I understand it. I just disagree.

I think that hard-expiration is not only a bad idea, but unenforceable.

It was enforceable with V3 keys.  It is, as Christoph pointed out, no
longer enforceable with V4 keys because it was moved out of the Public
Key Packet and into the SelfSig.  :-(

I'm well aware of this, Derek. I'm saying that hard expiration is in my opinion 
not only impossible even with V3 keys (just rewrite everything), but a bad idea.



It's a *good* thing for Alice to be able to update the expiration time
on her key. It encourages putting a limit on (as opposed to no limit)
if it can be changed later. It also allows advanced systems to be able
to do some really cool things with short lived keys.

This is a reason for SelfSigs to expire.  However if the key itself is
stolen/compromised the attacker could then create an updated SelfSig
with an updated expiration.

If the key itself had an expiration (as it did in v3) then this attack
wouldn't work.  But then it also means Alice would *have* to generate a
new key after the old key expired.  (Or, worst case, Alice would have to
regenerate a new Certificate using the same key parameters and then
obtain all those signatures again).

Yeah, and I'm saying that I think the current behavior is a good thing, all in 
all. Gentlepersons can disagree on this, I'm just giving my opinion.

        Jon


_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp
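
The packet layouts behind the V3/V4 point in this exchange, as an added example that is not part of the original message: a V3 public-key packet carries its validity period in the key packet itself, while a V4 key's expiration is a Key Expiration Time subpacket in the self-signature. Field offsets follow RFC 4880; the function names and all sample bytes are constructed for illustration, and the self-signatures carry no real signature value.

```python
import hashlib
import struct

KEY_EXPIRATION = 9  # Key Expiration Time subpacket type, RFC 4880 5.2.3.6

def key_packet_expiry(body: bytes):
    """(version, creation time, validity in seconds or None) from a public-key packet body."""
    version, created = body[0], struct.unpack(">I", body[1:5])[0]
    if version == 3:  # V3: two-octet validity period in days, inside the key packet
        days = struct.unpack(">H", body[5:7])[0]
        return version, created, days * 86400 if days else None
    if version == 4:  # V4: the key packet has no expiration field at all
        return version, created, None
    raise ValueError(f"unsupported key version {version}")

def selfsig_key_expiry(sig: bytes):
    """Key Expiration Time (seconds after key creation) from a V4 signature's hashed area."""
    if sig[0] != 4:
        raise ValueError("not a V4 signature")
    area, i = sig[6:6 + struct.unpack(">H", sig[4:6])[0]], 0
    while i < len(area):
        n = area[i]; i += 1                      # subpacket length: 1, 2 or 5 octets
        if 192 <= n < 255:
            n = ((n - 192) << 8) + area[i] + 192; i += 1
        elif n == 255:
            n = struct.unpack(">I", area[i:i + 4])[0]; i += 4
        if n == 0 or i + n > len(area):
            raise ValueError("malformed subpacket")
        if area[i] & 0x7F == KEY_EXPIRATION:     # mask off the critical bit
            return struct.unpack(">I", area[i + 1:i + 5])[0]
        i += n                                   # n counts the type octet plus the body
    return None

def key_digest(body: bytes) -> str:
    """SHA-1 over 0x99 || length || key packet body (how a V4 fingerprint is computed)."""
    return hashlib.sha1(b"\x99" + struct.pack(">H", len(body)) + body).hexdigest()

# Constructed sample data: toy MPIs, and self-signatures without real signature values.
CREATED = 1430000000
MPIS = b"\x00\x09\x01\xff\x00\x02\x03"
V3_KEY = b"\x03" + struct.pack(">IH", CREATED, 365) + b"\x01" + MPIS
V4_KEY = b"\x04" + struct.pack(">I", CREATED) + b"\x01" + MPIS

def constructed_selfsig(expiry: int) -> bytes:
    """V4 positive certification (0x13) body with creation-time and key-expiration subpackets."""
    hashed = b"\x05\x02" + struct.pack(">I", CREATED) + b"\x05\x09" + struct.pack(">I", expiry)
    return b"\x04\x13\x01\x08" + struct.pack(">H", len(hashed)) + hashed + b"\x00\x00\x00\x00"
```

Two self-signatures built with different expiry values parse to different expirations while `key_digest(V4_KEY)` stays the same, whereas changing the validity field of the V3 key changes the key packet bytes and therefore the digest.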
