ietf-openpgp

Re: [openpgp] Key Validity Scenarios

2015-05-06 10:07:29
We have been going round on the question of how to validate a
signature for 25 years now. I have yet to see a rigorous approach with
S/MIME or PGP and I suspect that is because it is impossible to
address the problem using just a signature. But the problem can be
addressed quite easily with a blockchain approach.

The first thing to do is to draw up a lifecycle for the keybinding as
a finite state machine:

[Valid]
     Expire -> [Expired]
     Revoke -> [Revoked]

[Expired]
      Revoke -> [Revoked]

The next thing to do is to decide why you are checking the signature:

1) To see if the key holder still backs an assertion
2) To see if the key holder backed an assertion at the time the
signature was created
3) To see if the key holder backed an assertion at the time the
signature was received

The mapping of these criteria to the state machine states is pretty
straightforward.

If we are checking key signings, certificate chains, SAML assertions,
etc. we have a type 1 problem. If we are checking a contract in an
archive system then we have a type 2 problem. But for email, we have a
type 3 situation.

Working with existing infrastructure, the way to check the signature
of PGP mail would be to look at the time the message was received.

The way to solve the problem comprehensively is to intern all key
bindings and signatures in an unforgeable notary log as they are
created.

_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp
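
The lifecycle and the three checking purposes from the message above, as an added example that is not part of the original message. It assumes the mapping the message leaves unstated is "read the key binding's state at the reference time the purpose selects and accept only Valid", and that the caller supplies times it trusts; all names and timestamps are constructed.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Optional, Tuple


class State(Enum):
    VALID = "Valid"
    EXPIRED = "Expired"
    REVOKED = "Revoked"


class Purpose(Enum):
    STILL_BACKS = 1   # type 1: key signings, certificate chains, SAML assertions
    AT_CREATION = 2   # type 2: contract in an archive system
    AT_RECEIPT = 3    # type 3: email


@dataclass
class KeyBinding:
    expires: Optional[int] = None  # time of the Expire event, if any
    revoked: Optional[int] = None  # time of the Revoke event, if any

    def state_at(self, t: int) -> State:
        # Revoke is reachable from both Valid and Expired and has no exit,
        # so it takes precedence over expiry.
        if self.revoked is not None and t >= self.revoked:
            return State.REVOKED
        if self.expires is not None and t >= self.expires:
            return State.EXPIRED
        return State.VALID


def evaluate(binding: KeyBinding, purpose: Purpose, *, now: int,
             created: int, received: int) -> Tuple[State, bool]:
    # Assumed mapping: each purpose selects the reference time at which
    # the state machine is read; only Valid is accepted.
    t = {Purpose.STILL_BACKS: now,
         Purpose.AT_CREATION: created,
         Purpose.AT_RECEIPT: received}[purpose]
    state = binding.state_at(t)
    return state, state is State.VALID


if __name__ == "__main__":
    # Constructed timeline: signed at 150, received at 250, checked at 350.
    binding = KeyBinding(expires=200, revoked=300)
    for p in Purpose:
        state, ok = evaluate(binding, p, now=350, created=150, received=250)
        print(f"{p.name:12} -> {state.value:8} accept={ok}")
```

The same signature is accepted for purpose 2 and rejected for purposes 1 and 3 on this timeline, which is why the purpose has to be fixed before the check is run.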
