[openpgp] Key expiration ambiguity in rfc4880
Andrew Gallagher <andrewg@andrewg.com> Tue, 04 January 2022 14:54 UTC
Return-Path: <andrewg@andrewg.com>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5A01E3A1D25 for <openpgp@ietfa.amsl.com>; Tue, 4 Jan 2022 06:54:40 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.1
X-Spam-Level:
X-Spam-Status: No, score=-2.1 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=andrewg.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id SQqTfJpPkDKD for <openpgp@ietfa.amsl.com>; Tue, 4 Jan 2022 06:54:35 -0800 (PST)
Received: from fum.andrewg.com (fum.andrewg.com [IPv6:2a01:4f9:c011:23ad::1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5EAB83A1D24 for <openpgp@ietf.org>; Tue, 4 Jan 2022 06:54:34 -0800 (PST)
Received: from [IPv6:fc93:5820:7375:ee79:1300::1] (fred [IPv6:fc93:5820:7375:ee79:1300::1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature RSA-PSS (2048 bits) server-digest SHA256) (Client did not present a certificate) by fum.andrewg.com (Postfix) with ESMTPSA id AC6D65E5C1 for <openpgp@ietf.org>; Tue, 4 Jan 2022 14:54:29 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=andrewg.com; s=andrewg-com; t=1641308069; bh=BngTOeGpbeSLA6zFc0/7rlQDGDC/LnTlva2EOKrwj9c=; h=To:From:Subject:Date:From; b=YeAMgbL8LpMb+0kJW+Sa+P3z8o0cCHG/7eDiWyw423vRGp+Km99ODqX13m685td9X SmT7jAHxpSl8k1SvMqol4WMfQ138W8T9Q6d4rwdiq6sBuyWq7yN30VSYEyzbwFtJKf WNdXqyio0mCm/dOf5D/CLTQznklCKCPdQRdd3spyB1YxwE8LcVZdGU2+9eSfSkN7Pz MV7FCBH16MCTrZWtlLLmSRgqQM9Y5tiSZk8hPIjBrhlfZCKpxDbpYh7+gBOQLL13jp 0uUvpuzasS4gs9UasA2abABGFz8RLZCYOfhQP6AKKEp6xssf/FDDALdh3j9WcdqDWF KOZAavG39R7EA==
To: openpgp@ietf.org
From: Andrew Gallagher <andrewg@andrewg.com>
Message-ID: <fb1297d3-2aaa-1a2d-00a3-90f5e591143a@andrewg.com>
Date: Tue, 04 Jan 2022 14:54:27 +0000
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.14.0
MIME-Version: 1.0
Content-Type: multipart/signed; micalg="pgp-sha256"; protocol="application/pgp-signature"; boundary="JDU1HtVy0VG5hbLV0JqUIv0gaJek6qxf1"
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/ZoVmO7r-4agKW2zT6fMw3rIxiY0>
Subject: [openpgp] Key expiration ambiguity in rfc4880
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 04 Jan 2022 14:54:40 -0000
FYI I have just opened merge request 113 [1] to clarify an ambiguity in
the definition of key expiry times. RFC4880 currently states:
5.2.3.3. Notes on Self-Signatures
...
Subpackets that appear in a certification self-signature
apply to the user name, and subpackets that appear in the subkey
self-signature apply to the subkey. Lastly, subpackets on the
direct-key signature apply to the entire key.
and:
5.2.3.6. Key Expiration Time
(4-octet time field)
The validity period of the key. This is the number of seconds after
the key creation time that the key expires. If this is not present
or has a value of zero, the key never expires. This is found only on
a self-signature.
Most implementations interpret these paragraphs as meaning that subkey
expiration times are calculated relative to the subkey's own creation
time. However, it has been discovered [2] that Hockeypuck (uniquely?)
uses the primary key creation time to calculate subkey expirations. This
has led to odd situations where some subkeys appear to expire earlier
than intended - and in some cases before they were created.
This is merely a cosmetic issue in Hockeypuck, as subkey expiration
times are only calculated (AIUI) for human-readable display purposes;
however it does expose a potential ambiguity in the RFC that IMO should
be tidied up. To this end, I propose to insert the following into
section 5.2.3.6:
```
For a direct signature, the key creation time is that of the primary key.
For a subkey binding signature, the key creation time is that of the subkey.
```
[1] https://gitlab.com/openpgp-wg/rfc4880bis/-/merge_requests/113
[2] https://github.com/hockeypuck/hockeypuck/issues/140
--
Andrew Gallagher
- [openpgp] Key expiration ambiguity in rfc4880 Andrew Gallagher
- Re: [openpgp] Key expiration ambiguity in rfc4880 Andrew Gallagher
- Re: [openpgp] Key expiration ambiguity in rfc4880 Andrew Gallagher