IETF Logo Mail Archive

Re: V5 key packet format requirements

Ian G <iang@systemics.com> Fri, 03 February 2006 17:00 UTC

Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1F54Ij-0004by-O9 for openpgp-archive@megatron.ietf.org; Fri, 03 Feb 2006 12:00:50 -0500
Received: from above.proper.com (above.proper.com [208.184.76.39]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id LAA20129 for <openpgp-archive@lists.ietf.org>; Fri, 3 Feb 2006 11:59:08 -0500 (EST)
Received: from above.proper.com (localhost.vpnc.org [127.0.0.1]) by above.proper.com (8.12.11/8.12.9) with ESMTP id k13GinWQ061417; Fri, 3 Feb 2006 08:44:49 -0800 (PST) (envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.11/8.12.9/Submit) id k13GinEG061416; Fri, 3 Feb 2006 08:44:49 -0800 (PST)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from mailgate.enhyper.net ([80.168.109.121]) by above.proper.com (8.12.11/8.12.9) with ESMTP id k13GimvC061397 for <ietf-openpgp@imc.org>; Fri, 3 Feb 2006 08:44:49 -0800 (PST) (envelope-from iang@systemics.com)
Received: from [IPv6:::1] (localhost [127.0.0.1]) by mailgate.enhyper.net (Postfix) with ESMTP id 84A465B8AE for <ietf-openpgp@imc.org>; Fri, 3 Feb 2006 16:44:47 +0000 (GMT)
Message-ID: <43E3882C.8060607@systemics.com>
Date: Fri, 03 Feb 2006 17:43:24 +0100
From: Ian G <iang@systemics.com>
Organization: http://financialcryptography.com/
User-Agent: Mozilla Thunderbird 1.0.6 (X11/20051013)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: OpenPGP <ietf-openpgp@imc.org>
Subject: Re: V5 key packet format requirements
References: <20060202160713.GB18144@epointsystem.org> <43E3443D.90609@algroup.co.uk>
In-Reply-To: <43E3443D.90609@algroup.co.uk>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>
Content-Transfer-Encoding: 7bit

Ben Laurie wrote:
> Daniel A. Nagy wrote:

>>1. Exclude creation date from fingerprint and key ID hash computation (and
>>maybe from the key packet, too -- it belongs to the self-signature). This
>>would mean that the key fingerprint and ID depend only on the actual key
>>(key material + algorithm).
> 
> 
> This could be confusing - documents that were signed with a key
> specified like this could retroactively find themselves predating the key.


Why is this important?  The date on the key is
just "there" and isn't of such strength that it
should be stressed overly much.

The dates of importance are the date of signing
(which should be in the signature) and the date
of attesting some meaning to the key for the
purpose of signing documents.  The date of the
key creation would appear to be just some artifact
of the tech.

(And for some things like password-generated keys,
would appear to be a non-date.)



> 
>>2. Scrap encrypted private keys. We already have a symmetrically encrypted
>>container format with sufficient integrity protection, so there is no reason
>>to maintain another one. Just put the unencrypted private key packet into
>>that container, if you need encryption. This will reduce the number of things
>>to worry about and make the security of OpenPGP easier to assess and
>>maintain.
> 
> 
> Yes, please!


Yay!  Less is always better.


iang

v2.23.0 | Report a Bug | By Email