Re: [openpgp] Key expiration ambiguity in rfc4880

Andrew Gallagher <andrewg@andrewg.com> Sat, 08 January 2022 18:55 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/W0UkeBy5-DtfAHOc8S_YdgTohM0>

On 04/01/2022 14:54, Andrew Gallagher wrote:
> FYI I have just opened merge request 113 [1] to clarify an ambiguity in 
> the definition of key expiry times.

I have opened a further issue 71 [1] to propose deprecating the tricky 
and redundant "Key Expiration Time" subpacket in V5 signatures. It can 
be substituted in all known use cases by the simpler "Signature 
Expiration Time" subpacket, which has compatible semantics and is much 
easier to work with.

[1] https://gitlab.com/openpgp-wg/rfc4880bis/-/issues/71

-- 
Andrew Gallagher