Phill,
On Wed, April 29, 2015 10:36 am, Phillip Hallam-Baker wrote:
On Wed, Apr 29, 2015 at 10:02 AM, Derek Atkins <derek(_at_)ihtfp(_dot_)com>
wrote:
[snip]
On the face of it, talking about hard expiration times has NOTHING to do
with fingerprint formats. It is, however, tangentially related only
because part of what Jon and I are discussing is whether the (OPTIONAL!)
hard expiration time should be in a portion of the data structure that
gets included in signature and fingerprint calculations.
The reason I raised fingerprints is that it is the only thing that
causes it to make a difference.
Not exactly. It also would affect all signatures on the key.
Precise language is critical. You were confusing people when you
talked about expiring a key. That is impossible for the reason Jon
points out.
If by "key" you purely mean the "N,e" values (in RSA terms) then yes, you
are correct that there is absolutely no way to revoke a key. (PS: I call
this the "key material" specifically to be precise) However if you embed
the expiration time into the Key Packet (see below) then you CAN cause a
validator to raise questions about potentially "bad" signatures if your
private key data gets compromised because any signatures made after the
"hard expiration" would be considered invalid.
For example, what would you do if you saw a signature dated 2014-12-31 on
a key that claimed it was generated on 2015-04-01? (Note that the
generation date *IS* still included in V4, and therefore included in
fingerprint/keyid/signature calculations).
So yes, while you could still reuse the "key materal" in a new "key"
(again, see below for nomenclature), if we returned the hard expiration
value (ala V3) then it would be a "different" key, which a distinct
keyid/fingerprint. It means the WoT would do its job (existing signatures
would not apply to the "new" key with the "old" (copied) key material.
And signatures made with the new key would either use the new keyid (going
back to the WoT non-verified key) or, if they tried to fake it as use the
original keyid would revert back to my argument of the previous paragraph,
where the dates would need to be forged too which, eventually, stop making
sense.
I suppose we could raise the question, what is the definition of "revoked"?
Using the terms 'key' and 'key binding assertion' interchangeably
leads to confusion.
I've not been using those terms interchangeably. If I have please refer
me to my messages where I did so I can make sure I clarify my statements.
For the record, when I say "Key" I mean the OpenPGP Public Key Packet
(c.f. RFC4880 sec 5.5.2). When I say "key binding assertion" (which I
really don't -- I use the phrase "signature" or "selfsig") I am referring
to... a signature. ala RFC4880 sec 5.2).
Thanks,
-derek
--
Derek Atkins 617-623-3745
derek(_at_)ihtfp(_dot_)com www.ihtfp.com
Computer and Internet Security Consultant
_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp