Re: draft-ietf-openpgp-rfc2440bis-06.txt
David Shaw <dshaw@jabberwocky.com> Tue, 24 September 2002 19:52 UTC
Date: Tue, 24 Sep 2002 15:38:44 -0400
From: David Shaw <dshaw@jabberwocky.com>
To: OpenPGP <ietf-openpgp@imc.org>
Subject: Re: draft-ietf-openpgp-rfc2440bis-06.txt
Message-ID: <20020924193844.GC17451@akamai.com>
Mail-Followup-To: OpenPGP <ietf-openpgp@imc.org>
References: <00c001c263fb$a8d70480$f0c12609@transarc.ibm.com>
In-Reply-To: <00c001c263fb$a8d70480$f0c12609@transarc.ibm.com>
X-PGP-Key: 99242560 / 7D92 FD31 3AB6 F373 4CC5 9CA1 DB69 8D71 9924 2560
X-URL: http://www.jabberwocky.com/
User-Agent: Mutt/1.5.1i
On Tue, Sep 24, 2002 at 02:53:23PM -0400, Michael Young wrote:

> A moment ago, I agreed with Jon's assertion that:
>
> > >Key expirations are not "my" system. They're the way the OpenPGP works. If
> >
> > I agree with Jon's analysis. Certainly, key expirations as they
> > are defined now are rewriteable. His example (periodically
>
> Sigh. Perhaps I shouldn't have been quite so quick to agree.
> The last few drafts have included language on rewriting self-signatures,
> but I can't find any in the "original" (http://www.ietf.org/rfc/rfc2440.txt).
> This makes it a little hard to assert that this is just "how OpenPGP works".
>
> BUT... this is "how GnuPG works" with respect to the act of
> rewriting, and it may just be "how PGP and GnuPG work" with
> respect to interpreting multiple expiration times.
>
> Bodo and David have proposed using the key-expiration[9] and
> (self-)signature-expiration[3] subpackets as "hard" and "soft"
> flavors. One could implement Jon's "rolling expiration"
> scenarios with the self-signatures.

Whoah - I am not proposing that. My comments were in the context of how
a potential v5 key format could work (and as a side note on how GnuPG
handles a v3 key with a v4 selfsig). That's all.

As I see it, without an expiration date *in the key packet*, there is
no true "hard" expiration date. I agree with Jon's analysis.

> Alas, neither PGP(6.5) nor GnuPG(1.0.6) generates a signature-
> expiration[3] subpacket. GnuPG's expiration-changing function
> operates on the key-expiration[9] subpacket.

GnuPG 1.0.6 is fairly old now. More recent versions allow the
(determined) user to generate themselves an expiring self-signature (via
subpacket 3). When that self-signature expires, the user ID it binds
(not the key) becomes invalid. Of course, you then end up with a key
with no valid user IDs. This is as per 5.2.3.3. "Notes on
Self-Signatures" in bis-06.
David

-- 
David Shaw | dshaw@jabberwocky.com | WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
"There are two major products that come out of Berkeley: LSD and UNIX.
We don't believe this to be a coincidence." - Jeremy S. Anderson
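The two expiration mechanisms the message contrasts can be modelled in a few lines: subpacket 3 (signature expiration) lapses the self-signature itself and so the user-ID binding, while subpacket 9 (key expiration) is carried in a self-signature and is therefore superseded whenever a newer self-signature is written. The following Python model is an added example for this archive page, not code from the post, from GnuPG or from the draft; the class and function names and the sample keys are constructed for illustration. It assumes RFC 2440's definitions, under which subpacket 3 counts seconds from the signature's creation time and subpacket 9 counts seconds from the key's creation time, and it follows the most-recent-self-signature rule so that a rewritten self-signature wins.

```python
"""
Toy model of OpenPGP v4 expiration semantics: subpacket 3 (signature
expiration) versus subpacket 9 (key expiration). Constructed example;
all names and sample data are this example's own.
"""
from dataclasses import dataclass, field
from typing import List, Optional

DAY = 86400  # seconds


@dataclass
class SelfSig:
    """A self-signature over (key, user ID). Times are epoch seconds."""
    created: int                              # signature creation time (subpacket 2)
    sig_expires_after: Optional[int] = None   # subpacket 3: seconds after 'created'
    key_expires_after: Optional[int] = None   # subpacket 9: seconds after key creation


@dataclass
class UserID:
    name: str
    selfsigs: List[SelfSig] = field(default_factory=list)


@dataclass
class Key:
    created: int                              # creation time from the key packet
    user_ids: List[UserID] = field(default_factory=list)


def selfsig_expired(sig: SelfSig, now: int) -> bool:
    """Subpacket 3 makes the self-signature itself lapse, relative to its own creation."""
    return sig.sig_expires_after is not None and now >= sig.created + sig.sig_expires_after


def governing_selfsig(uid: UserID, now: int) -> Optional[SelfSig]:
    """Newest self-signature that already exists and has not itself expired.
    Choosing the newest is what lets a rewritten self-sig supersede an older one."""
    live = [s for s in uid.selfsigs if s.created <= now and not selfsig_expired(s, now)]
    return max(live, key=lambda s: s.created) if live else None


def key_expired(key: Key, sig: SelfSig, now: int) -> bool:
    """Subpacket 9 is relative to *key* creation but lives in the self-sig, not the key packet."""
    return sig.key_expires_after is not None and now >= key.created + sig.key_expires_after


def valid_user_ids(key: Key, now: int) -> List[str]:
    """User IDs whose binding holds at 'now': a live self-sig that does not declare the key expired."""
    names = []
    for uid in key.user_ids:
        sig = governing_selfsig(uid, now)
        if sig is not None and not key_expired(key, sig, now):
            names.append(uid.name)
    return names


def key_usable(key: Key, now: int) -> bool:
    """A key with no valid user IDs is unusable even when nothing says the key expired."""
    return bool(valid_user_ids(key, now))


def demo() -> dict:
    """Constructed scenarios; returns the observations so they can be checked."""
    out = {}

    # Scenario 1: "soft" key expiration via subpacket 9 on the self-signature.
    key = Key(created=0, user_ids=[UserID("Alice <alice@example.org>")])  # constructed
    alice = key.user_ids[0]
    alice.selfsigs.append(SelfSig(created=0, key_expires_after=30 * DAY))
    out["before_expiry"] = key_usable(key, 29 * DAY)   # True
    out["after_expiry"] = key_usable(key, 31 * DAY)    # False: 30-day key expiration reached
    # Rewriting: a newer self-sig carries a later subpacket 9 and becomes the governing one.
    alice.selfsigs.append(SelfSig(created=25 * DAY, key_expires_after=365 * DAY))
    out["after_rewrite"] = key_usable(key, 31 * DAY)   # True again

    # Scenario 2: expiring self-signature (subpacket 3) on one of two user IDs.
    key2 = Key(created=0, user_ids=[
        UserID("Bob <bob@example.org>", [SelfSig(created=0, sig_expires_after=10 * DAY)]),
        UserID("Carol <carol@example.org>", [SelfSig(created=0)]),
    ])
    out["both_bound"] = valid_user_ids(key2, 5 * DAY)   # Bob and Carol
    out["bob_lapsed"] = valid_user_ids(key2, 10 * DAY)  # only Carol: the binding lapsed, not the key

    # Scenario 3: the only user ID's self-sig expires -> a key with no valid user IDs.
    key3 = Key(created=0, user_ids=[UserID("Dave <dave@example.org>",
                                           [SelfSig(created=0, sig_expires_after=10 * DAY)])])
    out["no_valid_uids"] = key_usable(key3, 10 * DAY)   # False
    return out


if __name__ == "__main__":
    for label, value in demo().items():
        print(f"{label}: {value}")
```

Scenario 1 is the "soft" flavour: because subpacket 9 rides in a self-signature, whoever holds the signing key can push the date out by issuing a newer self-signature, which is exactly why the post says a true "hard" expiration needs a date in the key packet itself. Scenarios 2 and 3 show subpacket 3 invalidating only the user-ID binding it covers, and the degenerate case of a key left with no valid user IDs.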