Re: draft-ietf-openpgp-rfc2440bis-06.txt

Bodo Moeller <moeller@cdc.informatik.tu-darmstadt.de> Tue, 24 September 2002 15:18 UTC

Received: from above.proper.com (mail.proper.com [208.184.76.45]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id LAA01974 for <openpgp-archive@lists.ietf.org>; Tue, 24 Sep 2002 11:18:35 -0400 (EDT)
Received: (from majordomo@localhost) by above.proper.com (8.11.6/8.11.3) id g8OF8OQ22878 for ietf-openpgp-bks; Tue, 24 Sep 2002 08:08:24 -0700 (PDT)
Received: from cdc-info.cdc.informatik.tu-darmstadt.de (cdc-info.cdc.informatik.tu-darmstadt.de [130.83.23.100]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g8OF8Mv22872 for <ietf-openpgp@imc.org>; Tue, 24 Sep 2002 08:08:22 -0700 (PDT)
Received: from cdc-ws13.cdc.informatik.tu-darmstadt.de (cdc-ws13 [130.83.23.73]) by cdc-info.cdc.informatik.tu-darmstadt.de (Postfix) with ESMTP id 353B52C91; Tue, 24 Sep 2002 17:08:23 +0200 (MET DST)
Received: (from moeller@localhost) by cdc-ws13.cdc.informatik.tu-darmstadt.de (8.10.2+Sun/8.10.2) id g8OF8L304462; Tue, 24 Sep 2002 17:08:21 +0200 (MEST)
Date: Tue, 24 Sep 2002 17:08:20 +0200
From: Bodo Moeller <moeller@cdc.informatik.tu-darmstadt.de>
To: Derek Atkins <derek@ihtfp.com>
Cc: Jon Callas <jon@callas.org>, OpenPGP <ietf-openpgp@imc.org>
Subject: Re: draft-ietf-openpgp-rfc2440bis-06.txt
Message-ID: <20020924170820.A4457@cdc.informatik.tu-darmstadt.de>
References: <Pine.LNX.4.30.QNWS.0209231142100.22100-100000@thetis.deor.org> <B9B54633.9809%jon@callas.org> <20020924103826.D3563@cdc.informatik.tu-darmstadt.de> <sjmsmzzmp2l.fsf@kikki.mit.edu>
Mime-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
User-Agent: Mutt/1.2.5i
In-Reply-To: <sjmsmzzmp2l.fsf@kikki.mit.edu>; from derek@ihtfp.com on Tue, Sep 24, 2002 at 10:37:06AM -0400
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>
Content-Transfer-Encoding: 8bit

On Tue, Sep 24, 2002 at 10:37:06AM -0400, Derek Atkins wrote:

> Before you go putting words in my mouth...

I didn't.  You wrote:

>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
From: Derek Atkins <derek@ihtfp.com>;
Subject: Re: draft-ietf-openpgp-rfc2440bis-06.txt

> Please point out an advantage of *key* expiration over
> *self-signature* expiration in that scenario.

A bad guy gets a copy of my private key..  If there is a key
expiration then they cannot keep it alive indefinitely.  Or is key
compromise not an attack you care about? ;)
<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<

So apparently you think that key expiration should be final while
self-signature expiration is not.  If you have a different
interpretation of what you wrote, I'd like to hear it.


> [...]                            I agree with Jon that you need to
> separate out the "this key is alive" from "this key is dead".  The
> "Keepalives" are self-signatures with limited lifetimes.

This is exactly what I am saying: use self-signatures with limited
lifetime (subpacket type 3) if you want to be able to keep the key
alive by re-signing later.  And use self-signatures with a key
expiration time (subpacket type 9) only if you want the key to finally
expire by then.

We have these two different subpacket types, so why not use them?!


-- 
Bodo Möller <moeller@cdc.informatik.tu-darmstadt.de>;
PGP http://www.informatik.tu-darmstadt.de/TI/Mitarbeiter/moeller/0x36d2c658.html
* TU Darmstadt, Theoretische Informatik, Alexanderstr. 10, D-64283 Darmstadt
* Tel. +49-6151-16-6628, Fax +49-6151-16-6036