Re: draft-ietf-openpgp-rfc2440bis-06.txt

Len Sassaman <> Mon, 23 September 2002 18:58 UTC

Received: from ( []) by (8.9.1a/8.9.1a) with ESMTP id OAA20709 for <>; Mon, 23 Sep 2002 14:58:36 -0400 (EDT)
Received: (from majordomo@localhost) by (8.11.6/8.11.3) id g8NIr5311322 for ietf-openpgp-bks; Mon, 23 Sep 2002 11:53:05 -0700 (PDT)
Received: from ( []) by (8.11.6/8.11.3) with ESMTP id g8NIr4v11318 for <>; Mon, 23 Sep 2002 11:53:04 -0700 (PDT)
Received: by (Postfix, from userid 500) id 810B645025; Mon, 23 Sep 2002 11:53:04 -0700 (PDT)
Received: from localhost (localhost []) by (Postfix) with ESMTP id 6939148024; Mon, 23 Sep 2002 11:53:04 -0700 (PDT)
Date: Mon, 23 Sep 2002 11:53:04 -0700 (PDT)
From: Len Sassaman <>
X-Sender: <>
To: Derek Atkins <>
Cc: Bodo Moeller <>, Jon Callas <>, OpenPGP <>
Subject: Re: draft-ietf-openpgp-rfc2440bis-06.txt
In-Reply-To: <>
Message-ID: <>
X-AIM: Elom777
X-icq: 10735603
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Precedence: bulk
List-Archive: <>
List-Unsubscribe: <>
List-ID: <>

On 23 Sep 2002, Derek Atkins wrote:

> Bodo Moeller <>; writes:
> > Please point out an advantage of *key* expiration over
> > *self-signature* expiration in that scenario.
> A bad guy gets a copy of my private key..  If there is a key
> expiration then they cannot keep it alive indefinitely.  Or is key
> compromise not an attack you care about? ;)

Actually, in Jon's proposal, the bad guy can. If we do things Bodo's way,
he can't.

Bodo wants to make key expirations permanent and unalterable. This means
that even if a bad guy gets the private key, the key expiration cannot be

With Jon's way, key expirations are not a defense against key compromise,
because they can be extended indefinitely by the holder of the private

The question I see is this: are key expiration dates a "mandate" or a
"suggestion" to third parties by the key owner?

In Mixmaster, we have key expiration dates that are not even tied to the
key by a signature -- they are just denoted in the key header field. The
intention here is to inform the user that the key will be deleted after
the expiration date, and in no way protects against the compromise of the
key. (Deleting the key does that -- the expiration date protects against
unreadable mail by the key holder).

One might argue that expirations in PGP are intended to be interpreted the
same way, and that the user should revoke the key if he is worried about
Bad Guys possessing it. I think this is how it must be interpreted if we
use Jon's system.