
Re: [openpgp] New fingerprint: to v5 or not to v5

2015-10-11 04:02:47
On Saturday, 10 October 2015, Jonathan McDowell <noodles(_at_)earth(_dot_)li> wrote:

On Fri, Oct 09, 2015 at 02:44:46PM -0400, Daniel Kahn Gillmor wrote:
 a) don't include any key creation time at all; signatures themselves
    have a creation time, which is sufficient.

 b) include key creation time in the material certified only for
    self-sigs (certifications issued by the key itself).  Do not include
    any key creation time in the material certified by third-parties.

 c) Include creation time of the certified key in the material certified
    for all certifications -- first-party or third-party.

I'm tempted by the simplicity of (a), to be honest.

(b) sounds doable, but I don't know how useful it is to have assertions
from the key of when the key was created, or what to do with situations
where some self-sigs assert a different key creation time than others.
Should we reject or ignore some of them?  If so, which ones?

(c) sounds like trouble -- you'll get self-signed assertions of key
creation time that don't match third-party assertions of key creation
time.  What does that mean?  How should it be represented to the user?
I think this is the issue that Werner was hinting at.

What are the downsides of (a)?  What are the advantages of having a key
creation time at all?  Is it simply that it provides a universally-known
temporal boundary when to accept signatures made by that key?

I've certainly used key creation time as a separate piece of information
to "most recent self-signature". The latter indicates how recently the
key can be seen as still in use / maintained, but the former gives an
idea of how long it's been around and can help when making a decision
about which of multiple keys to use for an individual. I think having
that in the self-sig would work ok (i.e. option b). In general is the
most recent self-sig not the one that should be trusted, with perhaps a
warning if any of the previous ones have a different creation time
listed?

For what it is worth, I think that a secure creation time is probably
useful to some, and should be preserved if possible. If it can be included
in the hashed material for the key (as it currently is) in a way that does
not help people to forge keys, then I think it should be -- including it
only as a piece of signed data is going to allow key owners to manipulate
it.
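As an added illustration of that last point (example code, not from anyone in this thread): the v4 fingerprint of RFC 4880 12.2 hashes the creation time along with the key material, so rewriting the time changes the key's identity; the `option_a_fingerprint` variant below is a hypothetical construction of option (a) that excises the four creation-time octets before hashing, and the RSA-like modulus and timestamps are constructed toy values, not a real key.

```python
import hashlib
import struct

def mpi(n: int) -> bytes:
    """OpenPGP multiprecision integer: 2-octet bit length, then big-endian magnitude."""
    return struct.pack(">H", n.bit_length()) + n.to_bytes((n.bit_length() + 7) // 8, "big")

def v4_public_key_body(creation_time: int, algo: int, mpis: list) -> bytes:
    """Body of a version 4 Public-Key packet (RFC 4880 5.5.2):
    version octet, 4-octet creation time, algorithm octet, then the key MPIs."""
    return (bytes([4]) + struct.pack(">I", creation_time) + bytes([algo])
            + b"".join(mpi(m) for m in mpis))

def v4_fingerprint(body: bytes) -> str:
    """RFC 4880 12.2: SHA-1 over 0x99, the 2-octet body length, and the packet body."""
    return hashlib.sha1(bytes([0x99]) + struct.pack(">H", len(body)) + body).hexdigest().upper()

def option_a_fingerprint(body: bytes) -> str:
    """Hypothetical option (a): same framing, but the 4 creation-time octets (body[1:5])
    are left out of the hashed material. Hash choice and framing are illustrative assumptions."""
    stripped = body[:1] + body[5:]
    return hashlib.sha256(bytes([0x99]) + struct.pack(">H", len(stripped)) + stripped).hexdigest().upper()

# Constructed key material: algorithm 1 (RSA) with a toy modulus and exponent, not a real key.
RSA = 1
MODULUS = 0xC0FFEE_DEADBEEF_0123456789ABCDEF_FEDCBA9876543210_0F1E2D3C4B5A6978
EXPONENT = 65537
T_ORIGINAL = 1444348800   # constructed: 2015-10-09T00:00:00Z
T_BACKDATED = 1104537600  # constructed: 2005-01-01T00:00:00Z

def backdating_changes_identity(fingerprint) -> bool:
    """True when an owner who republishes the key with a different creation time ends up
    with a different fingerprint, so anyone holding the old fingerprint notices the change.
    False means the time is only ever asserted in signed data the owner controls."""
    original = v4_public_key_body(T_ORIGINAL, RSA, [MODULUS, EXPONENT])
    backdated = v4_public_key_body(T_BACKDATED, RSA, [MODULUS, EXPONENT])
    return fingerprint(original) != fingerprint(backdated)

if __name__ == "__main__":
    print("v4 (time in hashed material):", backdating_changes_identity(v4_fingerprint))
    print("option (a) (time excised):   ", backdating_changes_identity(option_a_fingerprint))
```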
_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp