Re: draft-ietf-openpgp-rfc2440bis-06.txt
Bodo Moeller <moeller@cdc.informatik.tu-darmstadt.de> Mon, 23 September 2002 18:10 UTC
Date: Mon, 23 Sep 2002 20:02:54 +0200
From: Bodo Moeller <moeller@cdc.informatik.tu-darmstadt.de>
To: Richie Laager <rlaager@wiktel.com>
Cc: 'Derek Atkins' <derek@ihtfp.com>, 'Jon Callas' <jon@callas.org>, 'OpenPGP' <ietf-openpgp@imc.org>
Subject: Re: draft-ietf-openpgp-rfc2440bis-06.txt
Message-ID: <20020923200254.A3493@cdc.informatik.tu-darmstadt.de>
References: <20020923160102.A3035@cdc.informatik.tu-darmstadt.de> <000e01c26329$65730180$20a63992@umcrookston.edu>
Mime-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
User-Agent: Mutt/1.2.5i
In-Reply-To: <000e01c26329$65730180$20a63992@umcrookston.edu>; from rlaager@wiktel.com on Mon, Sep 23, 2002 at 12:48:16PM -0500
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>
On Mon, Sep 23, 2002 at 12:48:16PM -0500, Richie Laager wrote:

>> Yes he can -- this is exactly the problem [1] that I want to solve
>> with my suggested change to the specification. The way Jon wants
>> to use key expiration, the bad guy can keep the key alive
>> indefinitely. I call this a protocol failure, he calls it a
>> feature.

> I've been following this thread somewhat, and I have the following
> suggestion:

[...]

Did you read my original message from the mailing list archives?

There is a simple workaround for the protocol failure, which does not have the problems of your proposal: whenever someone certifies someone else's key, then if this key has an expiration time set, the certification signature should get an expiration time too, such that the signature's validity period extends no longer into the future than the key's validity period. (Obviously if Alice specifically asks Bob to certify her key for a longer period, he can do so, but we need a default for the typical case that there is no out-of-band information on this.)

Of course the one problem we cannot avoid is that the legitimate owner of the key cannot keep the key alive indefinitely. This is because this "problem" is exactly the security feature that Florian Weimer, Derek Atkins and I want to have: we don't want the bad guy to be able to unexpire the key if he gets hold of the secret key.

-- 
Bodo Möller <moeller@cdc.informatik.tu-darmstadt.de>
PGP http://www.informatik.tu-darmstadt.de/TI/Mitarbeiter/moeller/0x36d2c658.html
* TU Darmstadt, Theoretische Informatik, Alexanderstr. 10, D-64283 Darmstadt
* Tel. +49-6151-16-6628, Fax +49-6151-16-6036
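The default proposed in the message, worked through as an added example (not code from the message or from any OpenPGP implementation): a certification signature's expiration is chosen so it ends no later than the certified key's expiry, and a validity check then shows why a certification without such a bound stays usable after whoever holds the secret key pushes the key's expiry forward. The Key/Certification classes, field names and the sample timeline are assumptions; the example models key expiration as seconds after key creation and signature expiration as seconds after signature creation, following the OpenPGP subpacket conventions.

```python
from dataclasses import dataclass
from typing import Optional

DAY = 86400

@dataclass
class Key:
    created: int                  # key creation time, seconds since epoch
    expires_after: Optional[int]  # Key Expiration Time: seconds after creation, None = never

@dataclass
class Certification:
    created: int                  # signature creation time, seconds since epoch
    expires_after: Optional[int]  # Signature Expiration Time: seconds after creation, None = never

def key_expiry(key: Key) -> Optional[int]:
    """Absolute time at which the key expires, or None if it never does."""
    return None if key.expires_after is None else key.created + key.expires_after

def default_cert_expires_after(key: Key, sig_created: int) -> Optional[int]:
    """Default Signature Expiration Time for a certification made at sig_created:
    the certification ends no later than the key itself. None if the key never
    expires; an error if the key has already expired (nothing to certify)."""
    expiry = key_expiry(key)
    if expiry is None:
        return None
    if sig_created >= expiry:
        raise ValueError("key already expired at signature creation time")
    return expiry - sig_created

def cert_valid_at(cert: Certification, key: Key, t: int) -> bool:
    """Is the certification usable at time t? Both the key (per its *current*
    self-signature) and the certification itself must be unexpired."""
    expiry = key_expiry(key)
    if expiry is not None and t >= expiry:
        return False
    if cert.expires_after is not None and t >= cert.created + cert.expires_after:
        return False
    return t >= cert.created

def scenario() -> dict:
    # Constructed timeline: Alice's key is created at t=0 and set to expire after one year.
    alice = Key(created=0, expires_after=365 * DAY)
    # Bob certifies on day 30, once with the bounded default and once with no expiration.
    bounded = Certification(30 * DAY, default_cert_expires_after(alice, 30 * DAY))
    unbounded = Certification(30 * DAY, None)
    # On day 360 whoever holds the secret key re-issues the self-signature, moving expiry to day 730.
    alice_extended = Key(created=0, expires_after=730 * DAY)
    return {
        "bounded_expires_after": bounded.expires_after,          # 335 days
        "bounded_valid_day400": cert_valid_at(bounded, alice_extended, 400 * DAY),
        "unbounded_valid_day400": cert_valid_at(unbounded, alice_extended, 400 * DAY),
    }
```

With the bounded default, Bob's certification lapses on day 365 regardless of what the key's self-signature later claims; the unbounded certification keeps vouching for the extended key.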