Re: draft-ietf-openpgp-rfc2440bis-06.txt
David Shaw <dshaw@jabberwocky.com> Tue, 24 September 2002 17:16 UTC
Date: Tue, 24 Sep 2002 13:05:32 -0400
From: David Shaw <dshaw@jabberwocky.com>
To: ietf-openpgp@imc.org
Subject: Re: draft-ietf-openpgp-rfc2440bis-06.txt
Message-ID: <20020924170532.GA1593@akamai.com>

On Tue, Sep 24, 2002 at 06:08:17PM +0200, disastry@saiknes.lv wrote:
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: RIPEMD160
>
> Bodo Moeller wrote:
> > Of course the one problem we cannot avoid is that the legitimate owner
> > of the key cannot keep the key alive indefinitely. This is because
> > this "problem" is exactly the security feature that me and Florian
> > Weimer and Derek Atkins want to have: we don't want the bad guy to be
> > able to unexpire the key if he gets hold of the secret key.
>
> so set key expiration in direct key signature. there can be only
> one direct key signature. direct key signature is self signature (5.2.3.3)
> so key expiration can be set in it. (though most PGP implementations may
> not recognize key expiration in direct key signature....)

It is not true that there can be only one direct key signature. In
fact, in certain cases you pretty much must have more than one. For
example, if you have multiple designated revokers which are all
sensitive.

David

-- 
David Shaw | dshaw@jabberwocky.com | WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
"There are two major products that come out of Berkeley: LSD and UNIX.
We don't believe this to be a coincidence." - Jeremy S. Anderson
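
What the point above means for a parser, as an added example (not code from this message, from the draft, or from any OpenPGP implementation): it decodes the hashed subpacket areas of every direct-key self-signature on a key and merges the revocation-key (type 12) and key-expiration (type 9) subpackets, so a revoker or an expiration held in a second signature is not missed. The sample areas, fingerprints and function names are constructed for illustration.

```python
import struct

SUB_KEY_EXPIRATION = 9    # 4 octets: seconds after key creation
SUB_REVOCATION_KEY = 12   # class octet, algorithm id, 20-octet fingerprint

def parse_subpackets(area: bytes):
    """Split a v4 signature subpacket area into (type, critical, body) tuples."""
    out, i = [], 0
    while i < len(area):
        try:
            first = area[i]
            if first < 192:                   # one-octet length
                length, i = first, i + 1
            elif first < 255:                 # two-octet length
                length, i = ((first - 192) << 8) + area[i + 1] + 192, i + 2
            else:                             # five-octet length
                length, i = struct.unpack(">I", area[i + 1:i + 5])[0], i + 5
        except (IndexError, struct.error):
            raise ValueError("truncated subpacket length")
        if length < 1 or i + length > len(area):
            raise ValueError("truncated or malformed subpacket")
        tag, body = area[i], area[i + 1:i + length]
        out.append((tag & 0x7F, bool(tag & 0x80), body))  # bit 7 = critical
        i += length
    return out

def collect_direct_key_info(direct_sig_areas):
    """Merge revokers and expiration values from every direct-key signature."""
    revokers, expirations = [], []
    for area in direct_sig_areas:
        for sub_type, _critical, body in parse_subpackets(area):
            if sub_type == SUB_KEY_EXPIRATION and len(body) == 4:
                expirations.append(struct.unpack(">I", body)[0])
            elif sub_type == SUB_REVOCATION_KEY and len(body) == 22 and body[0] & 0x80:
                # class bit 0x40 marks the revoker as sensitive
                revokers.append((body[2:].hex(), bool(body[0] & 0x40)))
    return revokers, expirations

def _sub(sub_type, body):                     # builds the constructed samples
    return bytes([len(body) + 1, sub_type]) + body

# Constructed sample: two direct-key signatures on one key, each naming one
# sensitive designated revoker (class 0x80|0x40, algorithm 17 = DSA) with a
# made-up fingerprint. Only the second carries a key expiration time.
SIG_A = _sub(12, bytes([0xC0, 17]) + b"\xaa" * 20)
SIG_B = _sub(12, bytes([0xC0, 17]) + b"\xbb" * 20) + _sub(9, struct.pack(">I", 31536000))

if __name__ == "__main__":
    print(collect_direct_key_info([SIG_A, SIG_B]))
```

Which expiration value wins when several signatures carry one is the policy question this thread is debating; the function returns all of them and leaves that choice to the caller.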