Re: draft-ietf-openpgp-rfc2440bis-06.txt
"Michael Young" <mwy-opgp97@the-youngs.org> Tue, 24 September 2002 19:03 UTC
Message-ID: <00c001c263fb$a8d70480$f0c12609@transarc.ibm.com>
From: Michael Young <mwy-opgp97@the-youngs.org>
To: OpenPGP <ietf-openpgp@imc.org>
Subject: Re: draft-ietf-openpgp-rfc2440bis-06.txt
Date: Tue, 24 Sep 2002 14:53:23 -0400
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

A moment ago, I agreed with Jon's assertion that:

> >Key expirations are not "my" system. They're the way the OpenPGP works. If
>
> I agree with Jon's analysis. Certainly, key expirations as they
> are defined now are rewriteable. His example (periodically

Sigh. Perhaps I shouldn't have been quite so quick to agree.

The last few drafts have included language on rewriting self-signatures,
but I can't find any in the "original" (http://www.ietf.org/rfc/rfc2440.txt).
This makes it a little hard to assert that this is just "how OpenPGP works".

BUT... this is "how GnuPG works" with respect to the act of rewriting, and
it may just be "how PGP and GnuPG work" with respect to interpreting
multiple expiration times.

Bodo and David have proposed using the key-expiration[9] and
(self-)signature-expiration[3] subpackets as "hard" and "soft" flavors.
One could implement Jon's "rolling expiration" scenarios with the
self-signatures. Alas, neither PGP(6.5) nor GnuPG(1.0.6) generates a
signature-expiration[3] subpacket.

GnuPG's expiration-changing function operates on the key-expiration[9]
subpacket. When presented with two key-expiration versions, GnuPG appears
to accept the update (and throws away the old signature?). PGP accepts the
update, and reports the new expiration time, but shows both signatures.
Both PGP and GnuPG accept the new expiration time for the purposes of
encrypting; GnuPG ignores the expiration on the main key, and accepts the
one on the subkey.

I know that the specification need not be bound by quirks in
implementations, but as a practical matter, it doesn't feel right to buck
them here. So, I come back to agreeing with Jon, not just because the spec
says so lately, but because the implementations do, too.

-----BEGIN PGP SIGNATURE-----
Version: PGP Personal Privacy 6.5.3

iQA/AwUBPZC0nFMkvpTT8vCGEQL2IgCgsGbliVkzPb3mmB5IZQQ7wSp5AWAAnRhs
GXhshIQB2eBBVXJ63M2/m2lb
=xqJI
-----END PGP SIGNATURE-----
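The message above turns on two subpackets, key-expiration (type 9) and signature-expiration (type 3), and on which of several self-signatures an implementation believes. The following is an added example, not code from the post, from PGP 6.5 or from GnuPG 1.0.6: it parses the RFC 2440 section 5.2.3.1 subpacket wire format, then resolves the effective key expiration under the policy the thread describes. That policy (newest self-signature wins; key-expiration[9] is the "hard" expiration; a signature-expiration[3] on the self-signature is the "soft" one that retires that self-signature) is an assumption modelled on the behaviour reported above, and every sample byte string below is constructed for the example.

```python
"""OpenPGP signature-subpacket parser plus a key-expiration resolver.

Added example; not the post's, PGP's or GnuPG's code.  Wire format per
RFC 2440 5.2.3.1.  The hard/soft resolution policy is an assumption
modelled on the thread; all sample data is constructed.
"""
import struct

SIG_CREATION_TIME = 2    # RFC 2440 5.2.3.4: 4-octet time
SIG_EXPIRATION_TIME = 3  # RFC 2440 5.2.3.10: seconds after signature creation
KEY_EXPIRATION_TIME = 9  # RFC 2440 5.2.3.6: seconds after key creation


def parse_subpackets(area: bytes):
    """Yield (type, critical, body) for each subpacket in a (un)hashed area."""
    i, n = 0, len(area)
    while i < n:
        first = area[i]
        if first < 192:                       # one-octet length
            length, i = first, i + 1
        elif first < 255:                     # two-octet length, 192..16319
            if i + 2 > n:
                raise ValueError("truncated two-octet length")
            length = ((first - 192) << 8) + area[i + 1] + 192
            i += 2
        else:                                 # 0xFF then four-octet length
            if i + 5 > n:
                raise ValueError("truncated five-octet length")
            length = struct.unpack(">I", area[i + 1:i + 5])[0]
            i += 5
        # Length includes the type octet: zero is malformed, and the body
        # must not run past the end of the area (classic parser trap).
        if length == 0 or i + length > n:
            raise ValueError("subpacket length %d runs past area end" % length)
        body = area[i:i + length]
        i += length
        yield body[0] & 0x7F, bool(body[0] & 0x80), body[1:]


def encode_subpacket(sp_type: int, body: bytes, critical: bool = False) -> bytes:
    """Build one subpacket: length header, type octet (bit 7 = critical), body."""
    length = len(body) + 1
    if length < 192:
        hdr = bytes([length])
    elif length < 16320:
        rem = length - 192
        hdr = bytes([(rem >> 8) + 192, rem & 0xFF])
    else:
        hdr = b"\xff" + struct.pack(">I", length)
    return hdr + bytes([sp_type | (0x80 if critical else 0)]) + body


def _u32(body: bytes) -> int:
    if len(body) != 4:
        raise ValueError("time subpacket must be exactly 4 octets")
    return struct.unpack(">I", body)[0]


def self_sig_times(area: bytes) -> dict:
    """Pull the three time-related subpackets out of one self-signature."""
    t = {"created": None, "sig_expires_after": None, "key_expires_after": None}
    for sp_type, critical, body in parse_subpackets(area):
        if sp_type == SIG_CREATION_TIME:
            t["created"] = _u32(body)
        elif sp_type == SIG_EXPIRATION_TIME:
            t["sig_expires_after"] = _u32(body)
        elif sp_type == KEY_EXPIRATION_TIME:
            t["key_expires_after"] = _u32(body)
        elif critical:   # RFC 2440 5.2.3.1: unknown critical subpacket = bad sig
            raise ValueError("unknown critical subpacket type %d" % sp_type)
    if t["created"] is None:
        raise ValueError("self-signature has no creation time")
    return t


def effective_key_expiration(key_created: int, self_sigs, now: int):
    """Absolute key expiration time, or None if the key never expires.

    Assumed policy: (1) drop self-signatures whose own signature-expiration[3]
    has passed; (2) the newest remaining creation time wins (rewrite
    semantics); (3) its key-expiration[9] is the hard expiration, and absent
    or zero means never (RFC 2440 5.2.3.6).
    """
    live = []
    for area in self_sigs:
        t = self_sig_times(area)
        soft = t["sig_expires_after"]
        if soft and t["created"] + soft <= now:
            continue
        live.append(t)
    if not live:
        raise ValueError("no unexpired self-signature; key is unusable")
    newest = max(live, key=lambda t: t["created"])
    hard = newest["key_expires_after"]
    return None if not hard else key_created + hard


# Constructed sample data: one key, three successive self-signatures.
DAY = 86400
KEY_CREATED = 1_000_000_000   # constructed key creation time


def _t(seconds: int) -> bytes:
    return struct.pack(">I", seconds)


# Original self-signature: key good for 30 days.
SIG1 = (encode_subpacket(SIG_CREATION_TIME, _t(KEY_CREATED))
        + encode_subpacket(KEY_EXPIRATION_TIME, _t(30 * DAY)))
# Rewritten 20 days later (what an expiration change does): 365 days.
SIG2 = (encode_subpacket(SIG_CREATION_TIME, _t(KEY_CREATED + 20 * DAY))
        + encode_subpacket(KEY_EXPIRATION_TIME, _t(365 * DAY)))
# "Rolling" self-signature at day 25: no hard expiration, but the signature
# itself lapses after 10 days, after which SIG2 is the newest live one.
SIG3 = (encode_subpacket(SIG_CREATION_TIME, _t(KEY_CREATED + 25 * DAY))
        + encode_subpacket(SIG_EXPIRATION_TIME, _t(10 * DAY)))

if __name__ == "__main__":
    for day in (21, 30, 40):
        exp = effective_key_expiration(KEY_CREATED, [SIG1, SIG2, SIG3],
                                       KEY_CREATED + day * DAY)
        print("day %2d: key expires at %s" % (day, exp if exp else "never"))
```

Run as a script it prints the resolution at days 21, 30 and 40: SIG2's 365-day hard expiration, then "never" while SIG3's soft window is open, then SIG2's value again once SIG3 has lapsed. Whether a verifier should instead keep the older self-signature, or refuse a key whose only live self-signature has lapsed, is exactly the policy question the thread leaves open; the code raises in the latter case rather than silently treating the key as unexpiring.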
- Re: draft-ietf-openpgp-rfc2440bis-06.txt Bodo Moeller
- Re: draft-ietf-openpgp-rfc2440bis-06.txt Jon Callas
- Re: draft-ietf-openpgp-rfc2440bis-06.txt Werner Koch
- Re: draft-ietf-openpgp-rfc2440bis-06.txt Bodo Moeller
- Re: draft-ietf-openpgp-rfc2440bis-06.txt Bodo Moeller
- Re: draft-ietf-openpgp-rfc2440bis-06.txt Jon Callas
- Re: draft-ietf-openpgp-rfc2440bis-06.txt Bodo Moeller
- Re: draft-ietf-openpgp-rfc2440bis-06.txt Werner Koch
- Re: draft-ietf-openpgp-rfc2440bis-06.txt Bodo Moeller
- Re: draft-ietf-openpgp-rfc2440bis-06.txt Jon Callas
- Re: draft-ietf-openpgp-rfc2440bis-06.txt Bodo Moeller
- Re: draft-ietf-openpgp-rfc2440bis-06.txt Jon Callas
- Re: draft-ietf-openpgp-rfc2440bis-06.txt Bodo Moeller
- Re: draft-ietf-openpgp-rfc2440bis-06.txt Derek Atkins
- Re: draft-ietf-openpgp-rfc2440bis-06.txt Bodo Moeller
- RE: draft-ietf-openpgp-rfc2440bis-06.txt Richie Laager
- Re: draft-ietf-openpgp-rfc2440bis-06.txt Bodo Moeller
- RE: draft-ietf-openpgp-rfc2440bis-06.txt Richie Laager
- Re: draft-ietf-openpgp-rfc2440bis-06.txt Len Sassaman
- Re: draft-ietf-openpgp-rfc2440bis-06.txt Bodo Moeller
- Expiration semantics (Re: draft-ietf-openpgp-rfc2… Michael Young
- RE: draft-ietf-openpgp-rfc2440bis-06.txt Richie Laager
- More on key expiration policy (Re: draft-ietf-ope… Michael Young
- Re: More on key expiration policy (Re: draft-ietf… Len Sassaman
- Re: draft-ietf-openpgp-rfc2440bis-06.txt Jon Callas
- Re: draft-ietf-openpgp-rfc2440bis-06.txt Michael Young
- Re: draft-ietf-openpgp-rfc2440bis-06.txt Bodo Moeller
- Re: More on key expiration policy (Re: draft-ietf… Bodo Moeller
- Re: More on key expiration policy (Re: draft-ietf… Bodo Moeller
- Re: Expiration semantics (Re: draft-ietf-openpgp-… Bodo Moeller
- Re: More on key expiration policy (Re: draft-ietf… David Shaw
- Re: draft-ietf-openpgp-rfc2440bis-06.txt Derek Atkins
- Re: draft-ietf-openpgp-rfc2440bis-06.txt Bodo Moeller
- Re: draft-ietf-openpgp-rfc2440bis-06.txt disastry
- Re: draft-ietf-openpgp-rfc2440bis-06.txt David Shaw
- Re: draft-ietf-openpgp-rfc2440bis-06.txt Len Sassaman
- Re: draft-ietf-openpgp-rfc2440bis-06.txt Michael Young
- Re: draft-ietf-openpgp-rfc2440bis-06.txt David Shaw
- Re: draft-ietf-openpgp-rfc2440bis-06.txt Michael Young
- Re: draft-ietf-openpgp-rfc2440bis-06.txt Adrian von Bidder
- Re: draft-ietf-openpgp-rfc2440bis-06.txt Bodo Moeller