Re: draft-ietf-openpgp-rfc2440bis-06.txt
moeller@cdc.informatik.tu-darmstadt.de (Bodo Moeller) Sun, 22 September 2002 07:57 UTC
Received: from above.proper.com (mail.proper.com [208.184.76.45]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id DAA03915 for <openpgp-archive@lists.ietf.org>; Sun, 22 Sep 2002 03:57:15 -0400 (EDT)
Received: (from majordomo@localhost) by above.proper.com (8.11.6/8.11.3) id g8M7oXV09282 for ietf-openpgp-bks; Sun, 22 Sep 2002 00:50:33 -0700 (PDT)
Received: from cdc-info.cdc.informatik.tu-darmstadt.de (cdc-info.cdc.informatik.tu-darmstadt.de [130.83.23.100]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g8M7oUv09274 for <ietf-openpgp@imc.org>; Sun, 22 Sep 2002 00:50:31 -0700 (PDT)
Received: from localhost (cdc-info [130.83.23.100]) by cdc-info.cdc.informatik.tu-darmstadt.de (Postfix) with SMTP id 31F402C8F; Sun, 22 Sep 2002 09:50:29 +0200 (MET DST)
Received: id <m17t1U3-000QdtC@epsilon>; Sun, 22 Sep 2002 09:48:51 +0200 (CEST)
Message-Id: <m17t1U3-000QdtC@epsilon>
Date: Sun, 22 Sep 2002 09:48:51 +0200
To: ietf-openpgp@imc.org, Jon Callas <jon@callas.org>
From: moeller@cdc.informatik.tu-darmstadt.de
Subject: Re: draft-ietf-openpgp-rfc2440bis-06.txt
In-Reply-To: <B9B24675.9692@jon>
References: <20020921235451.A27418@cdc.informatik.tu-darmstadt.de> <B9B24675.9692@jon>
Mime-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 8bit
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>
Content-Transfer-Encoding: 8bit
Jon Callas <jon@callas.org>: > "Bodo Moeller" <moeller@cdc.informatik.tu-darmstadt.de>: >> And assuming there *is* some point in doing self-signature updates >> like this, whatever it may be, you should use signature expiration >> time sub-packets, not key expiration sub-packets: it's just the >> self-signatures that you want to expire, not the key. So there is no >> conflict with the proposed workaround for the key expiration protocol >> failure. > What I want is something of a dead-man's switch on my own key (and on other > people's -- Werner is correct in noting that this requires client work, > server work, and there are a lot of cool features you can load on this). If > someone stops using their key, then it expires after some reasonable time, > whether that reasonable time is measured in hours, days, or months. So use *signature* expiration on the self-signatures for this. In your scenario, you specifically don't want the key to finally expire if someone stops updating it, you just want to avoid having valid self-signatures present. > On the flip side of this, let's imagine that I certify Alice's key. When I > certify it, I'm stating that I believe it belongs to her. If she has a > dead-woman's switch on her key, it doesn't change my statement. If I wanted > to limit the duration of my statement, that option was available to me. If > Alice permits her key to expire, I still believe it's her key! It might have become someone else's key too, that's the problem with this: one reason for setting an expiry date is the expectation that the key may no longer be secure after some time, be it because of worries about keylengths or because you don't want to keep the hard-disks of your old computers in a safe forever. > It may be > expired, but it's still her key. She could always un-expire it by putting a > new self-sig on it. If I don't like all of this, I always have the option of > revoking my signature, as well. Compared with key expiry (and I mean final expiry that cannot simply be undone by anyone who has gotten hold of the secret key), revocation is somewhat of a kludge. In some situations it is the best you can do, but the problem is that the semantics is not monotonous. This may be fun for AI people, but security folks should be worried about the ramifications of denial of service attacks (nothing guarantees that the revocation reaches everyone who should know about it). -- Bodo Möller <moeller@cdc.informatik.tu-darmstadt.de> PGP http://www.informatik.tu-darmstadt.de/TI/Mitarbeiter/moeller/0x36d2c658.html * TU Darmstadt, Theoretische Informatik, Alexanderstr. 10, D-64283 Darmstadt * Tel. +49-6151-16-6628, Fax +49-6151-16-6036
- Re: draft-ietf-openpgp-rfc2440bis-06.txt Bodo Moeller
- Re: draft-ietf-openpgp-rfc2440bis-06.txt Jon Callas
- Re: draft-ietf-openpgp-rfc2440bis-06.txt Werner Koch
- Re: draft-ietf-openpgp-rfc2440bis-06.txt Bodo Moeller
- Re: draft-ietf-openpgp-rfc2440bis-06.txt Bodo Moeller
- Re: draft-ietf-openpgp-rfc2440bis-06.txt Jon Callas
- Re: draft-ietf-openpgp-rfc2440bis-06.txt Bodo Moeller
- Re: draft-ietf-openpgp-rfc2440bis-06.txt Werner Koch
- Re: draft-ietf-openpgp-rfc2440bis-06.txt Bodo Moeller
- Re: draft-ietf-openpgp-rfc2440bis-06.txt Jon Callas
- Re: draft-ietf-openpgp-rfc2440bis-06.txt Bodo Moeller
- Re: draft-ietf-openpgp-rfc2440bis-06.txt Jon Callas
- Re: draft-ietf-openpgp-rfc2440bis-06.txt Bodo Moeller
- Re: draft-ietf-openpgp-rfc2440bis-06.txt Derek Atkins
- Re: draft-ietf-openpgp-rfc2440bis-06.txt Bodo Moeller
- RE: draft-ietf-openpgp-rfc2440bis-06.txt Richie Laager
- Re: draft-ietf-openpgp-rfc2440bis-06.txt Bodo Moeller
- RE: draft-ietf-openpgp-rfc2440bis-06.txt Richie Laager
- Re: draft-ietf-openpgp-rfc2440bis-06.txt Len Sassaman
- Re: draft-ietf-openpgp-rfc2440bis-06.txt Bodo Moeller
- Expiration semantics (Re: draft-ietf-openpgp-rfc2… Michael Young
- RE: draft-ietf-openpgp-rfc2440bis-06.txt Richie Laager
- More on key expiration policy (Re: draft-ietf-ope… Michael Young
- Re: More on key expiration policy (Re: draft-ietf… Len Sassaman
- Re: draft-ietf-openpgp-rfc2440bis-06.txt Jon Callas
- Re: draft-ietf-openpgp-rfc2440bis-06.txt Michael Young
- Re: draft-ietf-openpgp-rfc2440bis-06.txt Bodo Moeller
- Re: More on key expiration policy (Re: draft-ietf… Bodo Moeller
- Re: More on key expiration policy (Re: draft-ietf… Bodo Moeller
- Re: Expiration semantics (Re: draft-ietf-openpgp-… Bodo Moeller
- Re: More on key expiration policy (Re: draft-ietf… David Shaw
- Re: draft-ietf-openpgp-rfc2440bis-06.txt Derek Atkins
- Re: draft-ietf-openpgp-rfc2440bis-06.txt Bodo Moeller
- Re: draft-ietf-openpgp-rfc2440bis-06.txt disastry
- Re: draft-ietf-openpgp-rfc2440bis-06.txt David Shaw
- Re: draft-ietf-openpgp-rfc2440bis-06.txt Len Sassaman
- Re: draft-ietf-openpgp-rfc2440bis-06.txt Michael Young
- Re: draft-ietf-openpgp-rfc2440bis-06.txt David Shaw
- Re: draft-ietf-openpgp-rfc2440bis-06.txt Michael Young
- Re: draft-ietf-openpgp-rfc2440bis-06.txt Adrian von Bidder
- Re: draft-ietf-openpgp-rfc2440bis-06.txt Bodo Moeller