ietf-openpgp
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [openpgp] rfc3880bis - hard expiration time

2015-04-29 09:06:19
from [Derek Atkins] [Permanent Link] 
Phillip,

Phillip Hallam-Baker <phill(_at_)hallambaker(_dot_)com> writes:


On Tue, Apr 28, 2015 at 11:59 AM, Christoph Anton Mitterer
<calestyo(_at_)scientia(_dot_)net> wrote:

On Tue, 2015-04-28 at 11:36 -0400, Phillip Hallam-Baker wrote:

On Tue, Apr 28, 2015 at 10:04 AM, Derek Atkins <derek(_at_)ihtfp(_dot_)com> 
wrote:


Of course.  And in many use cases that's probably sufficient.  I see use
cases where it is not sufficient so I'd like to re-gain that feature.


I think this is a use case but a distinct usecase from the usual
interpretation of fingerprint on a businesscard.

We need a range of fingerprints for different purposes and that is why
I want to have the content-type to be part of the data that is being
hashed.


Maybe it's just me but you seem to often mix up different topics...

What has the question of hard expiration times to do with the
fingerprint formats, content-types or fingerprint use cases?


Derek and Jon are both discussing opposed use cases within OpenPGP
scope. I am pointing out that we are discussing one special case of
what should be a generic mechanism.

While IETF charters are narrow, we are also supposed to be looking for
ways to work with other IETF groups and make our work as useful as
possible to other groups.

Charter fetishes really don't help. Especially when we don't have a charter 
yet.


Putting the MIME content type in the data to be digested is the right
approach for OpenPGP and the right approach for IETF in general.


You are still, as Christoph pointed out, mixing topics.  I think we all
would appreciate it if you kept to the thread topics, or at least make
it clear how and why you are jumping ship.

On the face of it, talking about hard expiration times has NOTHING to do
with fingerprint formats.  It is, however, tangentially related only
because part of what Jon and I are discussing is whether the (OPTIONAL!)
hard expiration time should be in a portion of the data structure that
gets included in signature and fingerprint calculations.

Now, whether the user decides to use that optional feature is, of
course, up to the user.  If they choose not to (i.e., leave it at 0)
then the fingerprint (and signatures) would cover the key material
forever.  However if they DO decide to use the feature (and set an
expiration time) then the fingerprint would change if someone tried to
manipulate that expiration time (also invalidating all existing
signatures).

<with my former chair hat on>
Still, this discussion is absolutely completely orthogonal to
fingerprint output formats, using text or image representations, or
whether to include a checksum in the (printed) fingerprint.  For these
types of discussions please use a different thread.
</...hat off>

Thanks,


openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp


-derek

-- 
       Derek Atkins                 617-623-3745
       derek(_at_)ihtfp(_dot_)com             www.ihtfp.com
       Computer and Internet Security Consultant

_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [openpgp] Fingerprint, Base32 or Base32C?, Neal H. Walfield
Next by Date:  Re: [openpgp] Fingerprint, Base32 or Base32C?, Derek Atkins
Previous by Thread:  Re: [openpgp] rfc3880bis - hard expiration time, Phillip Hallam-Baker
Next by Thread:  Re: [openpgp] rfc3880bis - hard expiration time, Phillip Hallam-Baker
Indexes:  [Date] [Thread] [Top] [All Lists]