
Re: [openpgp] Key Validity Scenarios

2015-05-07 23:44:46
Hi Vincent--

On Tue 2015-05-05 16:04:20 -0400, Vincent Breitmoser wrote:
> Bringing up a topic related to expirations, one thing that has bothered
> me for a while is that the validity periods of keys, in terms of
> expiration and revocation, are very ambiguous.

Thanks for raising this.

Your subject line is about "key validity", but all your scenarios below
are about "signature validity".

Much of this is covered in the "Reason for Revocation" section of RFC
4880 already:

  https://tools.ietf.org/html/rfc4880#section-5.2.3.23

> Consider these scenarios:
>
> - Key expired two weeks ago. Status of a signature from three weeks ago?

This is a "valid signature from an expired key", which means "the
keyholder made this assertion with their key at a time that the key was
legitimate for them to use."

> - Key revoked two weeks ago, because it was compromised. Status of a
>   signature from three weeks ago?

This is an "invalid signature", because it was made with a compromised
key.  Compromised keys can forge any date they like in the signature, so
nothing about them can be relied on.

> - Key revoked two weeks ago, because no reason given. Status of a
>   signature from three weeks ago?

This is also an "invalid signature".  If no reason was given, we should
assume the worst.

> - Key revoked two weeks ago, because it was superseded. Status of a
>   signature from three weeks ago?

This is a "valid signature from a revoked key", which means "the
keyholder made this assertion with their key at a time that the key was
legitimate for them to use."

Note that there are really only two cases here, given that the signing
key (whether revoked or expired) is considered not currently valid.

The two cases are:

 a) invalid signature (should never be relied on for anything)
 b) valid signature from a no-longer-valid key

It's pretty straightforward to dismiss signatures that fall into
category (a).

It is harder to know generically what to do with signatures in category
(b), because that gets into "trust models".  Trust models are attempts
to formalize/standardize who should be willing to rely on which
cryptographic assertions for what purpose.

So dealing with a signature from category (b), how i would interpret it
would very much depend on what the signature was (data signature over
signed e-mail?  identity certification?  authorization statement
delegating access to a service?), who the keyholder is, and what
question i'm trying to answer by reviewing the signature.  It might also
depend on how much time had elapsed, and other human factors that might
not be directly implementable in software.

hth,

        --dkg

_______________________________________________
openpgp mailing list
openpgp@ietf.org
https://www.ietf.org/mailman/listinfo/openpgp
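The two-category classification dkg lays out above, as an added worked example; this is illustrative code written for this archive page, not from the thread, RFC 4880, or any OpenPGP implementation. It assumes the reason-for-revocation codes from RFC 4880 section 5.2.3.23 (0x00 no reason, 0x01 superseded, 0x02 compromised, 0x03 retired) and treats "retired" the same way as "superseded", as that section does; the `KeyState` structure, the `classify_signature` function and all dates are constructed for the example. It also goes one step beyond the four scenarios in the mail by checking a signature dated after a soft revocation, which falls outside the window in which the key was legitimate to use.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from enum import Enum
from typing import Optional


class RevocationReason(Enum):
    """Reason-for-revocation codes from RFC 4880, section 5.2.3.23."""
    NO_REASON = 0x00
    SUPERSEDED = 0x01
    COMPROMISED = 0x02
    RETIRED = 0x03


class SignatureStatus(Enum):
    VALID = "valid signature from a currently valid key"
    VALID_FROM_STALE_KEY = "valid signature from a no-longer-valid key"  # category (b)
    INVALID = "invalid signature"  # category (a)


# "Hard" revocations: nothing the key ever signed can be relied on.
# NO_REASON is grouped with COMPROMISED because, with no reason given,
# the conservative choice is to assume the worst.
HARD_REASONS = {RevocationReason.NO_REASON, RevocationReason.COMPROMISED}


@dataclass
class KeyState:
    """Constructed, minimal view of a signing key's lifecycle (hypothetical; not a real packet)."""
    created: datetime
    expires: Optional[datetime] = None
    revoked_at: Optional[datetime] = None
    revocation_reason: Optional[RevocationReason] = None


def classify_signature(key: KeyState, sig_time: datetime, now: datetime) -> SignatureStatus:
    """Sort a signature into the categories from the mail.

    sig_time is the timestamp claimed inside the signature packet; it can
    only be trusted if the key was never compromised.
    """
    if sig_time < key.created:
        # A signature that predates its own key cannot be genuine.
        return SignatureStatus.INVALID

    if key.revoked_at is not None:
        reason = key.revocation_reason
        if reason is None:
            reason = RevocationReason.NO_REASON  # missing reason: assume the worst
        if reason in HARD_REASONS:
            # A compromised key can forge any signature date, so the
            # timestamp checks below say nothing for it.
            return SignatureStatus.INVALID

    # End of the window in which the keyholder could legitimately use the
    # key: the earlier of expiry and a soft (superseded/retired) revocation.
    ends = [t for t in (key.expires, key.revoked_at) if t is not None]
    window_end = min(ends) if ends else None

    if window_end is not None and sig_time >= window_end:
        # Signed after the key stopped being legitimate to use.
        return SignatureStatus.INVALID
    if window_end is not None and now >= window_end:
        return SignatureStatus.VALID_FROM_STALE_KEY  # category (b)
    return SignatureStatus.VALID


def run_scenarios(now: datetime = datetime(2015, 5, 7, tzinfo=timezone.utc)) -> dict:
    """The four scenarios from the thread plus two controls; all dates are constructed."""
    two_weeks_ago = now - timedelta(weeks=2)
    three_weeks_ago = now - timedelta(weeks=3)
    one_week_ago = now - timedelta(weeks=1)
    created = now - timedelta(days=365)

    keys = {
        "expired": KeyState(created, expires=two_weeks_ago),
        "revoked_compromised": KeyState(created, revoked_at=two_weeks_ago,
                                        revocation_reason=RevocationReason.COMPROMISED),
        "revoked_no_reason": KeyState(created, revoked_at=two_weeks_ago,
                                      revocation_reason=RevocationReason.NO_REASON),
        "revoked_superseded": KeyState(created, revoked_at=two_weeks_ago,
                                       revocation_reason=RevocationReason.SUPERSEDED),
        "still_valid": KeyState(created, expires=now + timedelta(days=30)),
    }
    results = {name: classify_signature(k, three_weeks_ago, now) for name, k in keys.items()}
    # Control: a signature dated after a soft revocation is not covered by it.
    results["superseded_signed_after"] = classify_signature(
        keys["revoked_superseded"], one_week_ago, now)
    return results


if __name__ == "__main__":
    for name, status in run_scenarios().items():
        print(f"{name:24s} -> {status.value}")
```

The function only answers the mail's first question (is this a category (a) or (b) signature?); what to do with a category (b) result is the trust-model question the mail leaves to the relying party, so the code returns the category rather than a yes/no verdict.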
