RE: draft-ietf-openpgp-rfc2440bis-06.txt

"Richie Laager" <> Mon, 23 September 2002 21:40 UTC

Received: from ( []) by (8.9.1a/8.9.1a) with ESMTP id RAA26269 for <>; Mon, 23 Sep 2002 17:40:35 -0400 (EDT)
Received: (from majordomo@localhost) by (8.11.6/8.11.3) id g8NLXlC15794 for ietf-openpgp-bks; Mon, 23 Sep 2002 14:33:47 -0700 (PDT)
Received: from ( []) by (8.11.6/8.11.3) with ESMTP id g8NLXjv15788 for <>; Mon, 23 Sep 2002 14:33:45 -0700 (PDT)
Received: from ( []) by (8.11.6/8.11.6) with SMTP id g8NLXeS00886 for <>; Mon, 23 Sep 2002 16:33:40 -0500
Received: from ([]) by (NAVGW with SMTP id M2002092316254319777 ; Mon, 23 Sep 2002 16:25:43 -0500
Received: from NB1131 ([]) (authenticated) by (8.11.6/8.11.6) with ESMTP id g8NLXeu12772; Mon, 23 Sep 2002 16:33:40 -0500
From: "Richie Laager" <>
To: "'Bodo Moeller'" <>
Cc: "'OpenPGP'" <>
Subject: RE: draft-ietf-openpgp-rfc2440bis-06.txt
Date: Mon, 23 Sep 2002 16:33:36 -0500
Organization: Wikstrom Telecom Internet
Message-ID: <000001c26348$e0494ad0$>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook, Build 10.0.3416
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
In-Reply-To: <>
Importance: Normal
Precedence: bulk
List-Archive: <>
List-Unsubscribe: <>
List-ID: <>
Content-Transfer-Encoding: 7bit

Hash: SHA1

> -----Original Message-----
> From: Bodo Moeller [] 
> Sent: Monday, September 23, 2002 1:57 PM
> To: Richie Laager
> Cc: 'OpenPGP'
> Subject: Re: draft-ietf-openpgp-rfc2440bis-06.txt
> On Mon, Sep 23, 2002 at 01:49:14PM -0500, Richie Laager wrote:
> >> Did you read my original message from the mailing list archives?
> >> There is a simple workaround for the protocol failure, which
> >> does not have the problems of your proposal: whenever someone
> >> certifies someone else's key, then if this key has an expiration
> >> time set, the certification signature should get an expiration
> >> time too such that the signature's validity period extends no
> >> longer into the future than the key's validity period.
> > How does this help? If a "bad guy" gets the private key, he can
> > simply resign everyone's key.
> If the bad guy gets Alice's private key that has expired, he can
> renew Alice's self-signature on the key, but he cannot renew Bob's
> certification for Alice's key, which will have expired too
> according to my proposal.  So no-one will believe it is still
> Alice's key.

Okay. I get it now. Alice's key expires in 5 years from creating, for
example. Two years later, Bob signs Alice's. Bob's PGP client sets an
expiration date of 3 years in the future on Bob's signature on
Alice's key. That way, Bob's signature expires at the same time as
Alice's key. If an attacker gets Alice's private key and extends the
expiration, the attacker would have to regain all of the signatures.

The only flaw I can see is that if Alice sets an expiration date of
Never, gets a signature from Bob, and then sets her expiration time
to 5 years, Bob's signature will likely NOT have an expiration date.
So, an attacker could then exploit Bob's signature. In essence, this
means that someone can't shrink their key validity length (length as
in time) and still have these benefits. My proposal would allow this.
However, my proposal doesn't allow someone to extend his or her key
validity length. And, my proposal requires changes on the client side
of the recipient, while your proposal requires client side changes
for the key signer. Therefore, I'll agree that your proposal is the
best. I just wanted to contribute my thoughts and clarify my
understanding of the issue.

Richard Laager

Version: PGP 7.0.4