Re: draft-ietf-openpgp-rfc2440bis-06.txt

disastry@saiknes.lv Tue, 24 September 2002 16:23 UTC

Received: from above.proper.com (mail.proper.com [208.184.76.45]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id MAA04499 for <openpgp-archive@lists.ietf.org>; Tue, 24 Sep 2002 12:23:12 -0400 (EDT)
Received: (from majordomo@localhost) by above.proper.com (8.11.6/8.11.3) id g8OGDha26429 for ietf-openpgp-bks; Tue, 24 Sep 2002 09:13:43 -0700 (PDT)
Received: from hackserv.saiknes.lv (hackserv.klinkmann.lv [195.2.103.8]) by above.proper.com (8.11.6/8.11.3) with SMTP id g8OGDev26424 for <ietf-openpgp@imc.org>; Tue, 24 Sep 2002 09:13:42 -0700 (PDT)
Received: from saiknes.lv (unverified [195.2.103.8]) by hackserv.saiknes.lv (SMTPRCV 0.45) with SMTP id <B0001614291@hackserv.saiknes.lv>; Tue, 24 Sep 2002 18:08:17 0200
Message-ID: <3D908DF1.F6739425@saiknes.lv>
Date: Tue, 24 Sep 2002 18:08:17 +0200
From: disastry@saiknes.lv
X-Mailer: Mozilla 4.79 [en] (Windows NT 5.0; U)
X-Accept-Language: en,lv,ru
MIME-Version: 1.0
To: ietf-openpgp@imc.org
Subject: Re: draft-ietf-openpgp-rfc2440bis-06.txt
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160

Bodo Moeller wrote:
> Of course the one problem we cannot avoid is that the legitimate owner
> of the key cannot keep the key alive indefinitely.  This is because
> this "problem" is exactly the security feature that me and Florian
> Weimer and Derek Atkins want to have: we don't want the bad guy to be
> able to unexpire the key if he gets hold of the secret key.

So set the key expiration in the direct key signature. There can be only
one direct key signature. The direct key signature is a self-signature (5.2.3.3),
so key expiration can be set in it. (Though most PGP implementations may
not recognize key expiration in a direct key signature....)

5.2.3.6. Key expiration time
   (4 octet time field)
   The validity period of the key.  This is the number of seconds after
   the key creation time that the key expires.  If this is not present
   or has a value of zero, the key never expires. This is found only on
                                                          ^^^^^^^^^^^^^
   a self-signature.
   ^^^^^^^^^^^^^^^^   

5.2.3.3. Notes on Self-Signatures
   A self-signature is a binding signature made by the key the
   signature refers to. There are three types of self-signatures, the
   certification signatures (types 0x10-0x13), the direct-key signature
                                               ^^^^^^^^^^^^^^^^^^^^^^^^
   (type 0x1f), and the subkey binding signature (type 0x18).

__
Disastry  http://disastry.dhs.org/
http://disastry.dhs.org/pgp
 ^----PGP 2.6.3ia-multi06 (supports IDEA, CAST5, BLOWFISH, TWOFISH,
      AES, 3DES ciphers and MD5, SHA1, RIPEMD160, SHA2 hashes)
-----BEGIN PGP SIGNATURE-----
Version: Netscape PGP half-Plugin 0.15 by Disastry / PGPsdk v1.7.1

iQA/AwUBPZBxrDBaTVEuJQxkEQPdiwCgsuV/1HKjEyJLLFe7QFGWNfg205sAoJyi
0yuLte8T0wJyyBPh3A+g62dr
=BtSp
-----END PGP SIGNATURE-----
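As an added illustration of the two RFC 2440 sections quoted above (this is example code written for this archive page, not code from Disastry, Bodo Moeller or any PGP implementation), the block below encodes and decodes signature subpackets using the length format of 5.2.3.1, extracts the 4-octet key expiration time subpacket (type 9, 5.2.3.6), and only honours it when the enclosing signature is one of the self-signature types listed in 5.2.3.3, i.e. 0x10-0x13, 0x18 or the direct-key signature 0x1f. The creation timestamp and the one-year validity period are constructed sample values; the function names are my own.

```python
import struct

# Self-signature types per RFC 2440 section 5.2.3.3:
# certification 0x10-0x13, subkey binding 0x18, direct-key 0x1f.
SELF_SIG_TYPES = {0x10, 0x11, 0x12, 0x13, 0x18, 0x1F}
SIG_TYPE_DIRECT_KEY = 0x1F
SUBPKT_SIG_CREATION_TIME = 2   # 4-octet time, section 5.2.3.4
SUBPKT_KEY_EXPIRATION_TIME = 9  # 4-octet seconds after key creation, 5.2.3.6


def encode_subpacket(subpkt_type: int, body: bytes, critical: bool = False) -> bytes:
    """Serialize one subpacket: length (covers type octet + body), type octet, body.
    Length encoding follows section 5.2.3.1 (1, 2 or 5 octets)."""
    length = len(body) + 1
    if length < 192:
        hdr = bytes([length])
    elif length <= 16319:                      # max reachable with the 2-octet form
        v = length - 192
        hdr = bytes([(v >> 8) + 192, v & 0xFF])
    else:
        hdr = b"\xff" + struct.pack(">I", length)
    type_octet = subpkt_type | (0x80 if critical else 0)  # bit 7 = critical flag
    return hdr + bytes([type_octet]) + body


def parse_subpackets(area: bytes):
    """Return a list of (type, critical, body) for a hashed or unhashed subpacket area."""
    out, i = [], 0
    while i < len(area):
        first = area[i]
        if first < 192:
            length, i = first, i + 1
        elif first < 255:
            length = ((first - 192) << 8) + area[i + 1] + 192
            i += 2
        else:
            length = struct.unpack(">I", area[i + 1:i + 5])[0]
            i += 5
        chunk = area[i:i + length]
        if len(chunk) != length or length == 0:
            raise ValueError("truncated or empty subpacket")
        i += length
        out.append((chunk[0] & 0x7F, bool(chunk[0] & 0x80), chunk[1:]))
    return out


def key_expiry(sig_type: int, hashed_area: bytes, key_creation: int):
    """Return the absolute expiry time (Unix seconds) carried by this signature,
    or None if the key never expires or the subpacket must be ignored.
    Section 5.2.3.6: found only on a self-signature; zero means no expiry."""
    if sig_type not in SELF_SIG_TYPES:
        return None                            # not a self-signature: ignore
    for typ, _critical, body in parse_subpackets(hashed_area):
        if typ == SUBPKT_KEY_EXPIRATION_TIME:
            if len(body) != 4:
                raise ValueError("key expiration subpacket must be 4 octets")
            seconds = struct.unpack(">I", body)[0]
            return None if seconds == 0 else key_creation + seconds
    return None


def build_direct_key_hashed_area(sig_creation: int, validity_seconds: int) -> bytes:
    """Hashed subpacket area for a direct-key self-signature that carries an expiry."""
    return (encode_subpacket(SUBPKT_SIG_CREATION_TIME, struct.pack(">I", sig_creation))
            + encode_subpacket(SUBPKT_KEY_EXPIRATION_TIME, struct.pack(">I", validity_seconds)))


if __name__ == "__main__":
    # Constructed sample: key made at Unix time 1000000000, valid for one year.
    key_created = 1_000_000_000
    area = build_direct_key_hashed_area(key_created, 365 * 86400)
    print("direct-key sig expiry:", key_expiry(SIG_TYPE_DIRECT_KEY, area, key_created))
    print("same subpacket on a 0x00 document sig:", key_expiry(0x00, area, key_created))
```

The point the thread makes is visible in `key_expiry`: the expiration subpacket is data of a self-signature, so a verifier decides which signature it trusts for expiry, and a direct-key signature (0x1f) is one of the places where the subpacket is valid.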