
[openpgp] Question on Signature Expiration

2021-12-13 10:34:35
Hey OpenPGP folks,

I have a question regarding expiration dates.

As far as I understand, keys can have expiration dates, which are described via the KeyExpirationDate subpacket inside a signature.

This works quite well, as if I want to change a key expiration date, I just create a new signature with the updated key expiration date inside and be done.

Now, let's talk about user-id expiration dates. I can model these by setting a signature expiration date in the user-id certification signature. Once the signature expires, the binding between the key and the user-id expires with it, hence the user-id expires.

However, if I want to shorten the expiration period of a user-id (e.g. I want to switch from an expiration date in 2 years to one in 2 weeks because I got laid off earlier than expected), there arises a problem.

If I simply use the same technique and create a new user-id certification signature, but with an earlier expiration date, the signature will expire at the new expiration date. However, now the older user-id binding signature is still valid until the old expiration date, as is the user-id.

If signatures "overlay" (which, as I understood so far, they do), there is no way to shorten the expiration date of a user-id.

A possible solution would be to first revoke the old user-id signature and then add the certification signature with the new expiration date, but that sounds like a hacky solution as it requires multiple signatures to be made.

Another solution would be to only take the very latest user-id certification signature into consideration when calculating the expiration date, but my intuition tells me that's also not right.

How do other implementations handle this? What is the way the specification intends me to solve this?


PS: I know that expiration dates are modeled as a duration after key/signature creation, but it's easier to talk about expiration dates as dates.

_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp
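To make the two evaluation policies the post contrasts concrete, here is an added example (not part of the original post, not any implementation's code) that models a user-id's self-signatures with the subpacket semantics the PS describes: expiration stored as seconds after the signature's own creation time. It evaluates the same set of signatures under "any live self-signature binds the user-id" and under "only the most recent self-signature decides" (RFC 4880 section 5.2.3.3 recommends giving priority to the most recent self-signature when several exist), and also shows the revoke-then-recertify approach the post calls hacky. The `CertSig` class, its fields and the timestamps are constructed for the example.

```python
from dataclasses import dataclass
from typing import List, Optional

DAY = 86400  # seconds; all times below are constructed POSIX-style offsets


@dataclass(frozen=True)
class CertSig:
    """Constructed model of one self-signature over a user-id binding.

    expires_after mirrors the Signature Expiration Time subpacket: seconds
    after `created`, with 0/None meaning the signature never expires.
    `revoked` stands in for a later certification revocation naming this sig.
    """
    created: int
    expires_after: Optional[int]
    revoked: bool = False

    def expiry(self) -> Optional[int]:
        # Absolute expiry derived from the relative subpacket value.
        return None if not self.expires_after else self.created + self.expires_after

    def is_live(self, now: int) -> bool:
        exp = self.expiry()
        return (not self.revoked) and self.created <= now and (exp is None or now < exp)


def binding_valid_any(sigs: List[CertSig], now: int) -> bool:
    """Policy A: the user-id stays bound while *any* unrevoked, unexpired
    self-signature exists. Signatures 'overlay'; a newer, shorter one cannot
    cut the binding short."""
    return any(s.is_live(now) for s in sigs)


def binding_valid_latest(sigs: List[CertSig], now: int) -> bool:
    """Policy B: only the most recently created self-signature (that already
    exists at `now`) decides. A newer, shorter signature shortens the binding;
    a newer, longer one extends it."""
    candidates = [s for s in sigs if s.created <= now]
    if not candidates:
        return False
    newest = max(candidates, key=lambda s: s.created)
    return newest.is_live(now)


# Constructed scenario from the post: a 2-year binding, then at day 100 a
# re-certification that should expire two weeks later.
OLD = CertSig(created=0, expires_after=730 * DAY)
SHORT = CertSig(created=100 * DAY, expires_after=14 * DAY)
SIGS_OVERLAY = [OLD, SHORT]

# The revoke-then-recertify variant: the old self-signature is revoked first.
SIGS_REVOKED = [CertSig(created=0, expires_after=730 * DAY, revoked=True), SHORT]


def summarize(sigs: List[CertSig], now: int) -> dict:
    """Both policies' verdicts for one signature set at one instant."""
    return {
        "any_live": binding_valid_any(sigs, now),
        "latest_only": binding_valid_latest(sigs, now),
    }


if __name__ == "__main__":
    for label, sigs in (("overlay", SIGS_OVERLAY), ("revoked", SIGS_REVOKED)):
        for day in (110, 130, 800):
            print(label, "day", day, summarize(sigs, day * DAY))
```

At day 130 (after the two-week signature has expired) the overlay policy still reports the user-id as bound because the original two-year signature is live, which is exactly the situation the post describes; the latest-only policy reports it unbound. Revoking the old signature makes both policies agree.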

  • [openpgp] Question on Signature Expiration, Paul Schaub