Re: More on key expiration policy (Re: draft-ietf-openpgp-rfc2440bis-06.txt)

David Shaw <> Tue, 24 September 2002 13:12 UTC

Date: Tue, 24 Sep 2002 09:02:36 -0400
From: David Shaw <>
To: OpenPGP <>
Subject: Re: More on key expiration policy (Re: draft-ietf-openpgp-rfc2440bis-06.txt)
Message-ID: <>
Mail-Followup-To: OpenPGP <>
References: <> <00d101c2634b$1b4e2b80$> <>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <>
X-PGP-Key: 99242560 / 7D92 FD31 3AB6 F373 4CC5 9CA1 DB69 8D71 9924 2560
User-Agent: Mutt/1.5.1i

On Tue, Sep 24, 2002 at 10:58:38AM +0200, Bodo Moeller wrote:

> < By default GnuPG uses the expiration date of the self-signature as the
> < one for a key signature.  This is on Florian Weimer's request and afaik
> < is sufficient for him and his use of the PGP PKI.
> I hope Werner meant the *key* expiration date from the self-signature,
> not the *signature* expiration date from the self-signature.  These
> are different packet types.  Key expiration dates may be present only
> in self-signatures according to the OpenPGP specification, so they
> should be translated into signature expiration dates when certifying
> keys; see Florian's request at
> <URL:>:

It is the key expiration date (i.e. subpacket 9, not subpacket 3).  I
want to point out that this is not something that GnuPG forces on the
user.  If a key has an expiration date, GnuPG prompts the user "This
key is due to expire on x/x/x.  Do you want your signature to expire
at the same time? (Y/n)".  If the signing user says "yes" (the
default), then that happens.  If the signing user says no, then they
are free to pick any expiration time, or none at all.  I think that is
the most appropriate solution here as the signer is still free to do
whatever they like.

In an ideal world (which we are not in), I think that a solution that
would solve all the concerns here is to define a v5 key format.  It
could contain an expiration date as part of the key, just like in v3
keys.  The expiration date in the key is the "hard" expiration.  The
user can shorten, but not extend, this via the "soft" expiration date
given in the self-signature.  (Incidentally, this is what GnuPG does
when it encounters v3 keys with v4 self-signatures.)  Of course, a new
key format would be brutal for interoperability, so is not a good


   David Shaw  |  |  WWW
   "There are two major products that come out of Berkeley: LSD and UNIX.
      We don't believe this to be a coincidence." - Jeremy S. Anderson
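The distinction drawn in the message above (key expiration, subpacket 9, versus signature expiration, subpacket 3) and the proposed "hard vs. soft" expiry rule, as an added example that is not part of the original thread or of GnuPG: a small parser for an OpenPGP signature subpacket area, the min(hard, soft) rule, and the translation of a key expiry into a certification's signature-expiration subpacket. The subpacket layout follows RFC 2440/4880 section 5.2.3.1; the sample self-signature bytes and timestamps are constructed.

```python
import struct
from typing import Dict, Optional

# Signature subpacket types (RFC 2440 / 4880, section 5.2.3.1)
SIG_CREATION_TIME = 2    # absolute, seconds since the epoch
SIG_EXPIRATION_TIME = 3  # relative to the signature's creation time
KEY_EXPIRATION_TIME = 9  # relative to the key's creation time; self-signatures only

def parse_subpackets(data: bytes) -> Dict[int, bytes]:
    """Parse a subpacket area into {type: body}, handling 1-, 2- and 5-octet lengths."""
    out, i = {}, 0
    while i < len(data):
        first = data[i]
        if first < 192:
            length, i = first, i + 1
        elif first < 255:
            length, i = ((first - 192) << 8) + data[i + 1] + 192, i + 2
        else:
            length, i = struct.unpack(">I", data[i + 1:i + 5])[0], i + 5
        ptype = data[i] & 0x7F            # bit 7 is the "critical" flag
        out[ptype] = data[i + 1:i + length]  # length counts the type octet
        i += length
    return out

def encode_subpacket(ptype: int, body: bytes) -> bytes:
    return bytes([len(body) + 1, ptype]) + body  # one-octet length form; body < 191 bytes

def effective_key_expiry(key_created: int, hard_expiry: Optional[int], selfsig: bytes) -> Optional[int]:
    """Hard expiry (carried in the key itself, as with v3 keys) may only be shortened by the soft expiry in the self-signature."""
    sub = parse_subpackets(selfsig)
    soft = None
    if KEY_EXPIRATION_TIME in sub:
        soft = key_created + struct.unpack(">I", sub[KEY_EXPIRATION_TIME])[0]
    if hard_expiry is None:
        return soft
    if soft is None:
        return hard_expiry
    return min(hard_expiry, soft)  # the soft date can shorten, never extend

def certification_expiry_subpacket(sig_created: int, key_expiry: Optional[int]) -> Optional[bytes]:
    """The GnuPG default described above: make the certification lapse with the key (a type 3 subpacket, relative to signing time)."""
    if key_expiry is None or key_expiry <= sig_created:
        return None
    return encode_subpacket(SIG_EXPIRATION_TIME, struct.pack(">I", key_expiry - sig_created))

# Constructed sample: key created 2002-09-24 00:00 UTC; self-signature says the key
# expires in 365 days, and the signature itself expires 30 days after signing.
KEY_CREATED = 1032825600
SELFSIG = (encode_subpacket(SIG_CREATION_TIME, struct.pack(">I", KEY_CREATED))
           + encode_subpacket(SIG_EXPIRATION_TIME, struct.pack(">I", 30 * 86400))
           + encode_subpacket(KEY_EXPIRATION_TIME, struct.pack(">I", 365 * 86400)))
```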