
Re: [openpgp] rfc3880bis - hard expiration time

2015-04-29 12:14:18
On Wed, Apr 29, 2015 at 11:05 AM, Derek Atkins <derek(_at_)ihtfp(_dot_)com> wrote:
> Phill,
>
> On Wed, April 29, 2015 10:36 am, Phillip Hallam-Baker wrote:
>
>> The reason I raised fingerprints is that it is the only thing that
>> causes it to make a difference.
>
> Not exactly.  It also would affect all signatures on the key.
>
>> Precise language is critical. You were confusing people when you
>> talked about expiring a key. That is impossible for the reason Jon
>> points out.
>
> If by "key" you purely mean the "N,e" values (in RSA terms) then yes, you
> are correct that there is absolutely no way to revoke a key.  (PS: I call
> this the "key material" specifically to be precise)  However if you embed
> the expiration time into the Key Packet (see below) then you CAN cause a
> validator to raise questions about potentially "bad" signatures if your
> private key data gets compromised because any signatures made after the
> "hard expiration" would be considered invalid.
>
> For example, what would you do if you saw a signature dated 2014-12-31 on
> a key that claimed it was generated on 2015-04-01?  (Note that the
> generation date *IS* still included in V4, and therefore included in
> fingerprint/keyid/signature calculations).

That is precisely why I would not call that a key.

There are two possibilities:

1) A new Key Packet was created that reused an existing key
2) The signature is making a false claim.

There are protocols that allow the generation time of keys to be
established with certainty within tightly controlled bounds.
Specifically, not before one block chain output and not after another.

Possibility (1) does occur by accident rather too often. Specifically
when an insufficiently random pool is used to generate the key :( One
of the things we discovered doing XKMS was that there was a ridiculous
number of duplicates for certain keys...


Now if you include the fingerprint of the KeyPacket within the scope
of the signature, this issue does not occur. Alternatively you can fix
the date of a signature exactly via a blockchain.


> I suppose we could raise the question, what is the definition of "revoked"?

Again, I would assert that it is a statement about a certificate, key
packet, key assertion, etc. and not actually a key.
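Added illustration, not part of the thread, of the two points argued above: the V4 creation time sits inside the fingerprint (RFC 4880 12.2), so the same RSA material in a new Key Packet gets a new fingerprint and key ID, and a validator can place a signature's date against the packet's creation time and a hypothetical embedded hard expiration. The RSA values are constructed toy numbers, and `hard_expiry` is the proposal's assumed field, not an existing packet field.

```python
import hashlib
import struct
from datetime import datetime, timezone

def mpi(value):
    """Encode an integer as an OpenPGP MPI: 2-byte bit count, then big-endian magnitude."""
    magnitude = value.to_bytes((value.bit_length() + 7) // 8, "big")
    return struct.pack(">H", value.bit_length()) + magnitude

def v4_rsa_key_body(created, n, e):
    """Body of a V4 RSA public-key packet (RFC 4880 5.5.2): version 4,
    32-bit creation time, algorithm 1 (RSA), then the MPIs n and e."""
    return bytes([4]) + struct.pack(">I", int(created.timestamp())) + bytes([1]) + mpi(n) + mpi(e)

def v4_fingerprint(body):
    """V4 fingerprint (RFC 4880 12.2): SHA-1 over 0x99, 2-byte body length, body.
    The creation time is inside the body, so it is part of the fingerprint."""
    return hashlib.sha1(b"\x99" + struct.pack(">H", len(body)) + body).hexdigest().upper()

def key_id(fingerprint):
    """V4 key ID is the low-order 64 bits (last 16 hex digits) of the fingerprint."""
    return fingerprint[-16:]

def classify_signature(sig_time, key_created, hard_expiry=None):
    """Place a signature's creation time relative to the key packet's lifetime.
    hard_expiry is the hypothetical time the thread proposes embedding in the
    key packet; None means the packet carries no such time."""
    if sig_time < key_created:
        return "before-key-creation"   # reused material in a new packet, or a false date claim
    if hard_expiry is not None and sig_time > hard_expiry:
        return "after-hard-expiration"  # treated as invalid under the proposal
    return "within-validity"

# Constructed toy RSA values, not a real key: the point is the packet layout, not the math.
N = 0xC0FFEE1234567890ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789
E = 65537
UTC = timezone.utc
KEY_2014 = v4_rsa_key_body(datetime(2014, 1, 1, tzinfo=UTC), N, E)
KEY_2015 = v4_rsa_key_body(datetime(2015, 4, 1, tzinfo=UTC), N, E)

def demo():
    """Same (n, e), different creation times: different fingerprints and key IDs."""
    fp_a, fp_b = v4_fingerprint(KEY_2014), v4_fingerprint(KEY_2015)
    verdict = classify_signature(datetime(2014, 12, 31, tzinfo=UTC),   # Derek's example date
                                 datetime(2015, 4, 1, tzinfo=UTC),
                                 datetime(2016, 4, 1, tzinfo=UTC))
    return fp_a != fp_b, key_id(fp_a), key_id(fp_b), verdict

if __name__ == "__main__":
    print(demo())
```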
