IETF Logo Mail Archive

Re: [openpgp] Fingerprints

Christoph Anton Mitterer <calestyo@scientia.net> Mon, 27 April 2015 15:03 UTC

Return-Path: <calestyo@scientia.net>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D67AF1A879A for <openpgp@ietfa.amsl.com>; Mon, 27 Apr 2015 08:03:46 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.6
X-Spam-Level:
X-Spam-Status: No, score=-2.6 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bP6dwTNw8Syo for <openpgp@ietfa.amsl.com>; Mon, 27 Apr 2015 08:03:45 -0700 (PDT)
Received: from mailgw02.dd24.net (mailgw-02.dd24.net [193.46.215.43]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 14E851A8755 for <openpgp@ietf.org>; Mon, 27 Apr 2015 08:03:45 -0700 (PDT)
Received: from mailpolicy-01.live.igb.homer.key-systems.net (mailpolicy-02.live.igb.homer.key-systems.net [192.168.1.27]) by mailgw02.dd24.net (Postfix) with ESMTP id E7C555FAE3 for <openpgp@ietf.org>; Mon, 27 Apr 2015 15:03:43 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at mailpolicy-02.live.igb.homer.key-systems.net
Received: from mailgw02.dd24.net ([192.168.1.36]) by mailpolicy-01.live.igb.homer.key-systems.net (mailpolicy-02.live.igb.homer.key-systems.net [192.168.1.25]) (amavisd-new, port 10236) with ESMTP id JDRKIS-zMytO for <openpgp@ietf.org>; Mon, 27 Apr 2015 15:03:42 +0000 (UTC)
Received: from heisenberg.fritz.box (ppp-188-174-18-198.dynamic.mnet-online.de [188.174.18.198]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mailgw02.dd24.net (Postfix) with ESMTPSA for <openpgp@ietf.org>; Mon, 27 Apr 2015 15:03:42 +0000 (UTC)
Message-ID: <1430147021.15361.16.camel@scientia.net>
From: Christoph Anton Mitterer <calestyo@scientia.net>
To: openpgp@ietf.org
Date: Mon, 27 Apr 2015 17:03:41 +0200
In-Reply-To: <sjmoam94pkk.fsf@securerf.ihtfp.org>
References: <CAMm+LwhbB+-MnGRBCvprgAGOuu+5CJ2rgod7EBGOQR5UNVrspQ@mail.gmail.com> <87d232lkb6.fsf@alice.fifthhorseman.net> <sjmlhhmakxp.fsf@securerf.ihtfp.org> <1429543533.24823.73.camel@scientia.net> <2142458E-1636-4E3B-8CCE-36078AFC02C9@callas.org> <1429922158.4659.43.camel@scientia.net> <sjmoam94pkk.fsf@securerf.ihtfp.org>
Content-Type: multipart/signed; micalg="sha-512"; protocol="application/x-pkcs7-signature"; boundary="=-UdK1zJtv303cwoEEp6hR"
X-Mailer: Evolution 3.12.9-1+b1
Mime-Version: 1.0
Archived-At: <http://mailarchive.ietf.org/arch/msg/openpgp/G-hFVsuNTjkkk1BC9XiEUHeytSk>
Subject: Re: [openpgp] Fingerprints
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 27 Apr 2015 15:03:47 -0000

On Mon, 2015-04-27 at 10:24 -0400, Derek Atkins wrote: 
> > It's not part of the v4 keys, and I can't recall a section which makes
> > the key exp sig subpacket mandatory.
> I read 4880 again and I'm afraid I was wrong and you are correct; the
> key expiration was removed in v4 keys.
No worries :) 


> Having the subpacket mandatory doesn't help, because the self-sig can
> always be reissued.
Sure,.. I meant the key packet shouldn't be designed in such a way, that
"absence" of the expiration time field is interpreted as "infinite".
That one zero field doesn't harm and I think it's generally better to
explicitly store things.


> > Anyway, the idea for making it mandatory has less to do with the
> > immutable vs. mutable question... it's rather based on the idea that we
> > should IMHO try to strengthen and clarify the whole message format.
> > E.g. I think we should convert the critical-bit to be a non-critical
> > bit. e.g. everything is considered critical unless explicitly specified
> > not to be.
> 
> With it being in the self-sig there is no way to make it immutable.  I
> could take the top-level key packet and create a new self-sig on it with
> a different key-expiration subpacket.  All other signatures on the key
> will remain valid (because they don't include the self-sig), and the key
> fingerprint wont change (because it doesn't include the selfsig, either).
Sure... that's what I'm trying to write since some days now :-)

v2.23.0 | Report a Bug | By Email