Re: draft-ietf-openpgp-rfc2440bis-06.txt

"Michael Young" <mwy-opgp97@the-youngs.org> Tue, 24 September 2002 19:03 UTC


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

A moment ago, I agreed with Jon's assertion that:
> >Key expirations are not "my" system. They're the way the OpenPGP works. If
> I agree with Jon's analysis.  Certainly, key expirations as they
> are defined now are rewriteable.  His example (periodically

Sigh.  Perhaps I shouldn't have been quite so quick to agree.
The last few drafts have included language on rewriting self-signatures,
but I can't find any in the "original" (http://www.ietf.org/rfc/rfc2440.txt).
This makes it a little hard to assert that this is just "how OpenPGP works".

BUT... this is "how GnuPG works" with respect to the act of
rewriting, and it may just be "how PGP and GnuPG work" with
respect to interpreting multiple expiration times.

Bodo and David have proposed using the key-expiration[9] and
(self-)signature-expiration[3] subpackets as "hard" and "soft"
flavors.  One could implement Jon's "rolling expiration"
scenarios with the self-signatures.

Alas, neither PGP(6.5) nor GnuPG(1.0.6) generates a signature-
expiration[3] subpacket.  GnuPG's expiration-changing function
operates on the key-expiration[9] subpacket.

When presented with two key-expiration versions, GnuPG appears to
accept the update (and throws away the old signature?).  PGP accepts
the update, and reports the new expiration time, but shows both
signatures.  Both PGP and GnuPG accept the new expiration time
for the purposes of encrypting; GnuPG ignores the expiration on
the main key, and accepts the one on the subkey.

I know that the specification need not be bound by quirks in
implementations, but as a practical matter, it doesn't feel
right to buck them here.  So, I come back to agreeing with Jon,
not just because the spec says so lately, but because the
implementations do, too.

-----BEGIN PGP SIGNATURE-----
Version: PGP Personal Privacy 6.5.3

iQA/AwUBPZC0nFMkvpTT8vCGEQL2IgCgsGbliVkzPb3mmB5IZQQ7wSp5AWAAnRhs
GXhshIQB2eBBVXJ63M2/m2lb
=xqJI
-----END PGP SIGNATURE-----
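
The behaviour discussed in this message, as an added example that is not part of the original post or of any implementation's code: it parses the subpacket area of each self-signature, reads the signature-creation[2], signature-expiration[3] and key-expiration[9] subpackets, and lets the newest self-signature decide the key's expiration. Assumptions: the function names are hypothetical, the sample subpacket areas are constructed, the signatures are taken as already cryptographically verified, and falling back to an older self-signature when the newest one has lapsed is a policy chosen for the example.

```python
import struct

SIG_CREATED, SIG_EXPIRES, KEY_EXPIRES = 2, 3, 9  # subpacket type numbers

def parse_subpackets(area):
    """Split a signature subpacket area into {type: body}."""
    out, i = {}, 0
    try:
        while i < len(area):
            first = area[i]
            if first < 192:                      # one-octet length
                length, i = first, i + 1
            elif first < 255:                    # two-octet length
                length, i = ((first - 192) << 8) + area[i + 1] + 192, i + 2
            else:                                # 0xFF followed by a four-octet length
                length, i = struct.unpack(">I", area[i + 1:i + 5])[0], i + 5
            if length < 1 or i + length > len(area):
                raise ValueError("malformed subpacket length")
            out[area[i] & 0x7F] = area[i + 1:i + length]  # mask the critical bit
            i += length
    except (IndexError, struct.error):
        raise ValueError("truncated subpacket area")
    return out

def field(sp, kind):
    """Four-octet big-endian time field; 0 when the subpacket is absent."""
    body = sp.get(kind, b"\0\0\0\0")
    if len(body) != 4:
        raise ValueError("time subpacket must be 4 octets")
    return int.from_bytes(body, "big")

def effective_expiry(key_created, self_sig_areas, now):
    """Return (sig_created, key_expiry or None) from the newest live self-signature."""
    live = []
    for area in self_sig_areas:
        sp = parse_subpackets(area)
        created, sig_ttl, key_ttl = (field(sp, k) for k in (SIG_CREATED, SIG_EXPIRES, KEY_EXPIRES))
        if not created or (sig_ttl and created + sig_ttl <= now):
            continue  # undated, or the self-signature itself has lapsed ("soft" expiry)
        live.append((created, key_created + key_ttl if key_ttl else None))
    return max(live, key=lambda s: s[0]) if live else None

def subpacket(kind, seconds):  # builds constructed sample data, not real key material
    return bytes([5, kind]) + struct.pack(">I", seconds)

KEY_CREATED, NOW = 1_000_000_000, 1_032_894_000
OLD = subpacket(SIG_CREATED, KEY_CREATED) + subpacket(KEY_EXPIRES, 31_536_000)
NEW = subpacket(SIG_CREATED, 1_030_000_000) + subpacket(KEY_EXPIRES, 63_072_000)
```

With only `OLD` the key's expiration (1031536000) is already behind `NOW`; adding the rewritten self-signature `NEW` moves it to 1063072000, which is why a key-expiration[9] value can be extended by whoever holds the secret key.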