RE: draft-ietf-openpgp-rfc2440bis-06.txt

"Richie Laager" <rlaager@wiktel.com> Mon, 23 September 2002 18:55 UTC

Received: from above.proper.com (mail.proper.com [208.184.76.45]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id OAA20563 for <openpgp-archive@lists.ietf.org>; Mon, 23 Sep 2002 14:55:18 -0400 (EDT)
Received: (from majordomo@localhost) by above.proper.com (8.11.6/8.11.3) id g8NInEB11224 for ietf-openpgp-bks; Mon, 23 Sep 2002 11:49:14 -0700 (PDT)
Received: from maild1.wiktel.com (maild1.wiktel.com [204.221.145.237]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g8NInDv11220 for <ietf-openpgp@imc.org>; Mon, 23 Sep 2002 11:49:13 -0700 (PDT)
Received: from virus3.wiktel.com (virus3.wiktel.com [204.221.145.233]) by maild1.wiktel.com (8.11.6/8.11.6) with SMTP id g8NInAS12515 for <ietf-openpgp@imc.org>; Mon, 23 Sep 2002 13:49:10 -0500
Received: from smtp2.wiktel.com ([204.221.145.238]) by virus3.wiktel.com (NAVGW 2.5.2.9) with SMTP id M2002092313411319906 ; Mon, 23 Sep 2002 13:41:13 -0500
Received: from NB1131 ([146.57.166.32]) (authenticated) by smtp2.wiktel.com (8.11.6/8.11.6) with ESMTP id g8NIn3h29381; Mon, 23 Sep 2002 13:49:03 -0500
From: "Richie Laager" <rlaager@wiktel.com>
To: "'Bodo Moeller'" <moeller@cdc.informatik.tu-darmstadt.de>
Cc: "'OpenPGP'" <ietf-openpgp@imc.org>
Subject: RE: draft-ietf-openpgp-rfc2440bis-06.txt
Date: Mon, 23 Sep 2002 13:49:14 -0500
Organization: Wikstrom Telecom Internet
Message-ID: <002301c26331$e9ffadb0$20a63992@umcrookston.edu>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook, Build 10.0.3416
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
In-Reply-To: <20020923200254.A3493@cdc.informatik.tu-darmstadt.de>
Importance: Normal
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>
Content-Transfer-Encoding: 7bit

 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> -----Original Message-----
> From: Bodo Moeller [mailto:moeller@cdc.informatik.tu-darmstadt.de] 
> Sent: Monday, September 23, 2002 1:03 PM
> To: Richie Laager
> Cc: 'Derek Atkins'; 'Jon Callas'; 'OpenPGP'
> Subject: Re: draft-ietf-openpgp-rfc2440bis-06.txt
> 
> 
> On Mon, Sep 23, 2002 at 12:48:16PM -0500, Richie Laager wrote:
> 
> >> Yes he can -- this is exactly the problem [1] that I want to
> >> solve with my suggested change to the specification.  The way
> >> Jon wants to use key expiration, the bad guy can keep the key
> >> alive
> >> indefinitely. I call this a protocol failure, he calls it a
> >> feature.
> 
> > I've been following this thread somewhat, and I have the
> > following suggestion: [...]
> 
> Did you read my original message from the mailing list archives?
> There is a simple workaround for the protocol failure, which does
> not have the problems of your proposal: whenever someone certifies
> someone else's key, then if this key has an expiration time set,
> the certification signature should get an expiration time too such
> that the signature's validity period extends no longer into the
> future than the key's validity period.

How does this help? If a "bad guy" gets the private key, he can
simply resign everyone's key.

Richie

-----BEGIN PGP SIGNATURE-----
Version: PGP 7.0.4

iQA/AwUBPY9iKm31OrleHxvOEQIFggCfYsFDQBW0Y76iV0j8ydzI/Ct2ZkEAoNCD
4+CEOfmM9vpCRaphkQDdQpFv
=lWxk
-----END PGP SIGNATURE-----