Re: draft-ietf-openpgp-rfc2440bis-06.txt

Werner Koch <wk@gnupg.org> Sat, 21 September 2002 10:12 UTC

Received: from above.proper.com (mail.proper.com [208.184.76.45]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id GAA08378 for <openpgp-archive@lists.ietf.org>; Sat, 21 Sep 2002 06:12:32 -0400 (EDT)
Received: by above.proper.com (8.11.6/8.11.3) id g8LA2E808794 for ietf-openpgp-bks; Sat, 21 Sep 2002 03:02:14 -0700 (PDT)
Received: from porta.u64.de (porta.u64.de [194.77.88.106]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g8LA28k08772 for <ietf-openpgp@imc.org>; Sat, 21 Sep 2002 03:02:09 -0700 (PDT)
Received: from uucp by kasiski.gnupg.de with local-rmail (Exim 3.32 #1 (Debian)) id 17siN8-0004Gx-00; Sat, 21 Sep 2002 13:24:26 +0200
Received: from wk by alberti.gnupg.de with local (Exim 3.35 #1 (Debian)) id 17sh2o-0002Ge-00; Sat, 21 Sep 2002 11:59:22 +0200
To: Jon Callas <jon@callas.org>
Cc: Bodo Moeller <moeller@cdc.informatik.tu-darmstadt.de>, OpenPGP <ietf-openpgp@imc.org>
Subject: Re: draft-ietf-openpgp-rfc2440bis-06.txt
References: <B9B15B23.962C%jon@callas.org>
From: Werner Koch <wk@gnupg.org>
X-PGP-KeyID: 621CC013
X-Request-PGP: finger://wk@g10code.com
X-FSFE-Info: http://fsfeurope.org
Organisation: g10 Code GmbH
Date: Sat, 21 Sep 2002 11:59:22 +0200
In-Reply-To: <B9B15B23.962C%jon@callas.org> (Jon Callas's message of "Fri, 20 Sep 2002 23:09:23 -0700")
Message-ID: <87wupfbr45.fsf@alberti.gnupg.de>
Lines: 25
User-Agent: Gnus/5.090008 (Oort Gnus v0.08) Emacs/20.7 (i386-debian-linux-gnu)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

On Fri, 20 Sep 2002 23:09:23 -0700, Jon Callas said:

> My opinion (still) is that it isn't a bug, it's a feature. I want someday to
> make keys that have short-lived self-signatures on them that are regularly

I fully agree.  Furthermore, due to the possibility to set an
expiration date on a key signatature, a "CA" gains the same effect as
with an expiration date on the key.  It is about what a trusted
authority sees as a sound expiration date.  This may either be a key
signator by using the signature expiration time or the key owner by
setting the expiration date on his key signatures (self-signature).

PGP has the tradtion to to let the user decide and not some other
entity.  With the OpenPGP model the user is even free to ask a CA to
set an expiration date on their key signature.  

By default GnuPG uses the expiration date of the self-signature as the
one for a key signature.  This is on Florian Weimer's request and afaik
is sufficient for him and his use of the PGP PKI.


Salam-Shalom,

   Werner