Re: draft-ietf-openpgp-rfc2440bis-06.txt

Bodo Moeller <moeller@cdc.informatik.tu-darmstadt.de> Sat, 21 September 2002 22:23 UTC

Received: from above.proper.com (mail.proper.com [208.184.76.45]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id SAA18158 for <openpgp-archive@lists.ietf.org>; Sat, 21 Sep 2002 18:23:53 -0400 (EDT)
Received: (from majordomo@localhost) by above.proper.com (8.11.6/8.11.3) id g8LLsvr03295 for ietf-openpgp-bks; Sat, 21 Sep 2002 14:54:57 -0700 (PDT)
Received: from cdc-info.cdc.informatik.tu-darmstadt.de (cdc-info.cdc.informatik.tu-darmstadt.de [130.83.23.100]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g8LLstw03291 for <ietf-openpgp@imc.org>; Sat, 21 Sep 2002 14:54:56 -0700 (PDT)
Received: from cdc-ws1.cdc.informatik.tu-darmstadt.de (cdc-ws1 [130.83.23.61]) by cdc-info.cdc.informatik.tu-darmstadt.de (Postfix) with ESMTP id 285202C8F; Sat, 21 Sep 2002 23:54:52 +0200 (MET DST)
Received: (from moeller@localhost) by cdc-ws1.cdc.informatik.tu-darmstadt.de (8.10.2+Sun/8.10.2) id g8LLsp527434; Sat, 21 Sep 2002 23:54:51 +0200 (MEST)
Date: Sat, 21 Sep 2002 23:54:51 +0200
From: Bodo Moeller <moeller@cdc.informatik.tu-darmstadt.de>
To: Jon Callas <jon@callas.org>
Cc: OpenPGP <ietf-openpgp@imc.org>
Subject: Re: draft-ietf-openpgp-rfc2440bis-06.txt
Message-ID: <20020921235451.A27418@cdc.informatik.tu-darmstadt.de>
References: <m17siAV-000QdtC@epsilon> <B9B20691.966A%jon@callas.org> <20020921222053.A27171@cdc.informatik.tu-darmstadt.de>
Mime-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
User-Agent: Mutt/1.2.5i
In-Reply-To: <20020921222053.A27171@cdc.informatik.tu-darmstadt.de>; from moeller@cdc.informatik.tu-darmstadt.de on Sat, Sep 21, 2002 at 10:20:53PM +0200
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>
Content-Transfer-Encoding: 8bit

On Sat, Sep 21, 2002 at 10:20:53PM +0200, Bodo Moeller wrote:
> On Sat, Sep 21, 2002 at 11:20:49AM -0700, Jon Callas wrote:
>> "Bodo Moeller" <moeller@cdc.informatik.tu-darmstadt.de>;:

>>> I am talking about main keys, not subkeys.  Simply don't set an
>>> expiration time for the signing key if you want to be able to continue
>>> to use it indefinitely.

>> So am I. I'm talking about main keys.
>> 
>> I have a vision where my program might (for example) re-create my
>> self-signature every day with a 48-hour expiration, and upload it to the
>> server.

> But why would you want to do this?!  This key "expiration" does not
> provide any security.  You can just as well submit a key without an
> expiration date; instead of stopping to send updated self-signatures,
> you just stop to use the key.

And assuming there *is* some point in doing self-signature updates
like this, whatever it may be, you should use signature expiration
time sub-packets, not key expiration sub-packets: it's just the
self-signatures that you want to expire, not the key.  So there is no
conflict with the proposed workaround for the key expiration protocol
failure.


-- 
Bodo Möller <moeller@cdc.informatik.tu-darmstadt.de>;
PGP http://www.informatik.tu-darmstadt.de/TI/Mitarbeiter/moeller/0x36d2c658.html
* TU Darmstadt, Theoretische Informatik, Alexanderstr. 10, D-64283 Darmstadt
* Tel. +49-6151-16-6628, Fax +49-6151-16-6036