ietf-openpgp

Re: [openpgp] rfc3880bis - hard expiration time

2015-05-05 08:44:08
Phillip Hallam-Baker <phill(_at_)hallambaker(_dot_)com> writes:

> On Mon, May 4, 2015 at 9:20 AM, Derek Atkins <derek(_at_)ihtfp(_dot_)com>
> wrote:
>> Phillip Hallam-Baker <phill(_at_)hallambaker(_dot_)com> writes:
>>
>> If by "key" you purely mean the "N,e" values (in RSA terms) then yes, you
>> are correct that there is absolutely no way to revoke a key.  (PS: I call
>> this the "key material" specifically to be precise)  However if you embed
>> the expiration time into the Key Packet (see below) then you CAN cause a
>> validator to raise questions about potentially "bad" signatures if your
>> private key data gets compromised because any signatures made after the
>> "hard expiration" would be considered invalid.
>>
>> For example, what would you do if you saw a signature dated 2014-12-31 on
>> a key that claimed it was generated on 2015-04-01?  (Note that the
>> generation date *IS* still included in V4, and therefore included in
>> fingerprint/keyid/signature calculations).
>
> That is precisely why I would not call that a key.
>
>> Sorry, but that horse has already left the barn.  This is precisely
>> OpenPGP nomenclature.  A Key is a packet that contains a set of data,
>> part of which is what I would call the "Key Material" but it also
>> includes other data.
>
> It is not the nomenclature of the field.
>
>> Umm, it is exactly the nomenclature PGP/OpenPGP has been using since,
>> oh, 1992.  It may not match the X509/PKIX world, but lucky for us we
>> don't have to do that.  :-D
>
> People are getting confused. And no wonder. People don't know if what
> you are talking about is a public key or a PGP 'key'. And you seem to
> be getting confused yourself.

No, I know exactly what I'm talking about, but trying to explain it to
people that don't innately grok the (Open)PGP nomenclature requires the
use of additional phrases.  A PGP Key (aka Key) is a packet that
contains a version, algorithm, key material, creation date, etc.

-derek
-- 
       Derek Atkins                 617-623-3745
       derek(_at_)ihtfp(_dot_)com             www.ihtfp.com
       Computer and Internet Security Consultant

_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp
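An added example, not part of the thread or of any OpenPGP implementation: it builds a V4 RSA public-key packet body and its RFC 4880 fingerprint to show that the creation time is covered by the fingerprint, and applies the validator rule the thread describes (a signature dated before the key's creation date, or after a hard expiration, is flagged). The key material is a constructed toy value, `ts` is a helper introduced here, and `hard_expiry` models the proposed in-packet expiration field as an assumption (V4 keys in RFC 4880 carry expiry in a self-signature subpacket instead).

```python
import hashlib
import struct
from datetime import datetime, timezone
from typing import Optional

def ts(y: int, m: int, d: int) -> int:
    """UTC midnight of a calendar date as a Unix timestamp (OpenPGP's 4-byte time field)."""
    return int(datetime(y, m, d, tzinfo=timezone.utc).timestamp())

def mpi(n: int) -> bytes:
    """OpenPGP multiprecision integer (RFC 4880 3.2): 2-byte bit length, then big-endian magnitude."""
    return struct.pack(">H", n.bit_length()) + n.to_bytes(max(1, (n.bit_length() + 7) // 8), "big")

def v4_pubkey_body(created: int, n: int, e: int) -> bytes:
    """Body of a V4 RSA public-key packet (RFC 4880 5.5.2): version 4, creation time,
    algorithm 1 (RSA), MPIs n and e. The creation time sits here, so the fingerprint covers it."""
    return b"\x04" + struct.pack(">I", created) + b"\x01" + mpi(n) + mpi(e)

def v4_fingerprint(body: bytes) -> str:
    """RFC 4880 12.2: SHA-1 over 0x99, the 2-byte body length, and the packet body."""
    return hashlib.sha1(b"\x99" + struct.pack(">H", len(body)) + body).hexdigest().upper()

def check_signature_time(key_created: int, sig_time: int, hard_expiry: Optional[int] = None) -> str:
    """Validator policy from the thread: reject a signature dated before the key's creation time,
    or after a hard expiration bound to the key. 'hard_expiry' is the proposed in-packet field
    (assumption: RFC 4880 V4 keys carry expiry in a self-signature subpacket, not the key packet)."""
    if sig_time < key_created:
        return "before-key-creation"
    if hard_expiry is not None and sig_time > hard_expiry:
        return "after-hard-expiration"
    return "ok"

# Constructed toy key material (not a real key): 64-bit modulus, e=65537, created 2015-04-01.
TOY_N = 0xC1A73F5B9E2D4A11
TOY_E = 65537
KEY_CREATED = ts(2015, 4, 1)

if __name__ == "__main__":
    fp_a = v4_fingerprint(v4_pubkey_body(KEY_CREATED, TOY_N, TOY_E))
    fp_b = v4_fingerprint(v4_pubkey_body(ts(2015, 4, 2), TOY_N, TOY_E))  # same N,e; one day later
    print("fingerprint (2015-04-01):", fp_a)
    print("fingerprint (2015-04-02):", fp_b, "-> differs:", fp_a != fp_b)
    print(check_signature_time(KEY_CREATED, ts(2014, 12, 31)))                # before-key-creation
    print(check_signature_time(KEY_CREATED, ts(2015, 6, 1), ts(2015, 5, 1)))  # after-hard-expiration
    print(check_signature_time(KEY_CREATED, ts(2015, 4, 15), ts(2015, 5, 1))) # ok
```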