
Re: Series of minor questions about OpenPGP 4


> You still can say shut up and go away ;-)

On the contrary, I think you should start discussing things here and  
start writing drafts.

>> You might also want to require the critical bit to be set on those
>> packets, although that will impair interoperability.
> What do you mean with this? Require it by the RFC?

No, the critical bit means that you want an operation to be 100%  
correct or to fail. If there is any doubt in anyone's mind, you want  
the system to halt with an unrecoverable error.

Hal points out that this will mar interoperability.

>>> 4) In chapter it is explicitly allowed that the key expiration
>>> time is reset by a user (of course this cannot be prevented as the
>>> key expiration time is no longer part of the key itself). Isn't this
>>> possibility comparable to revoking a revocation?
>>> I mean the creator states: "This key SHOULD NOT be used after <key
>>> expiration>." for example because he thinks an RSA786 key SHOULD no
>>> longer be used in 10 years. An attacker might simply revoke this
>>> (implicit) revocation by issuing a new self-signature with an
>>> updated date.
>> If the attacker got the private key.
> What was the reason that the key expiration time was taken out of the
> key itself (I think it was there before?)?

Because in PGP 3, a number of attributes were moved to the self-sigs  
with the thought that you might have a key with different user ids and  
different features. For example, I might have a user id in which a  
cipher is allowed, and one in which it is not. You might also want to  
have different expirations on those user ids.

> Well, this would be great... I mean the current MAIN implementations of
> OpenPGP are probably GnuPG and PGP. I think David and Werner, who
> represent GnuPG, are reading this list, and you, are you still at PGP
> Corporation?


> Best wishes,
> Peter

To you too! It's nice to see enthusiastic new blood.
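
The critical-bit behaviour and the self-signature key expiration discussed in this message, as an added example that is not part of the original post: a signature subpacket parser following the RFC 4880 section 5.2.3.1 layout that ignores an unknown subpacket but fails when that subpacket is marked critical. The KNOWN table, the sub() helper and the sample byte strings are constructed for illustration.

```python
import struct

# Subpacket types this sample verifier understands (RFC 4880, section 5.2.3.1).
KNOWN = {2: "signature_creation_time", 9: "key_expiration_time"}

class CriticalSubpacketError(ValueError):
    """An unrecognised subpacket carried the critical bit."""

def read_length(buf, i):
    """Decode the 1-, 2- or 5-octet subpacket length starting at buf[i]."""
    first = buf[i]
    if first < 192:
        return first, i + 1
    size = 2 if first < 255 else 5
    if i + size > len(buf):
        raise ValueError("truncated subpacket length")
    if size == 2:
        return ((first - 192) << 8) + buf[i + 1] + 192, i + 2
    return struct.unpack(">I", buf[i + 1:i + 5])[0], i + 5

def parse_subpackets(buf):
    """Return (name, critical, value) for known subpackets; fail closed on critical unknowns."""
    out, i = [], 0
    while i < len(buf):
        length, i = read_length(buf, i)  # length counts the type octet
        if length < 1 or i + length > len(buf):
            raise ValueError("truncated subpacket")
        type_octet, body = buf[i], buf[i + 1:i + length]
        i += length
        critical, sp_type = bool(type_octet & 0x80), type_octet & 0x7F
        if sp_type not in KNOWN:
            if critical:
                raise CriticalSubpacketError(f"unknown critical subpacket {sp_type}")
            continue  # unknown but not critical: safe to ignore
        if len(body) != 4:
            raise ValueError("time subpackets carry a 4-octet value")
        out.append((KNOWN[sp_type], critical, struct.unpack(">I", body)[0]))
    return out

def sub(sp_type, body, critical=False):
    """Build one subpacket (constructed test data, body shorter than 191 octets)."""
    return bytes([len(body) + 1, sp_type | (0x80 if critical else 0)]) + body

# Constructed sample data: a critical one-year key expiration and an unknown type 100.
EXPIRY = sub(9, struct.pack(">I", 365 * 86400), critical=True)
UNKNOWN_PLAIN = sub(100, b"\x01")
UNKNOWN_CRITICAL = sub(100, b"\x01", critical=True)
```

parse_subpackets(EXPIRY + UNKNOWN_PLAIN) returns the expiration entry alone, while the same area with UNKNOWN_CRITICAL raises CriticalSubpacketError, which is the interoperability cost mentioned above.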

