[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Series of minor questions about OpenPGP 4

To: OpenPGP <ietf-openpgp@xxxxxxx>
Subject: Re: Series of minor questions about OpenPGP 4
From: Jon Callas <jon@xxxxxxxxxx>
Date: Thu, 29 Jan 2009 11:37:25 -0800
In-reply-to: <9ef756150901290942h65537fd9ic4eb2f067558a80b@xxxxxxxxxxxxxx>
List-archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-id: <ietf-openpgp.imc.org>
List-unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
References: <20090128184824.E28D614F6E1@xxxxxxxxxx> <9ef756150901290942h65537fd9ic4eb2f067558a80b@xxxxxxxxxxxxxx>
Sender: owner-ietf-openpgp@xxxxxxxxxxxx

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

>
> You still can say shut up and go away ;-)

On the contrary, I think you should start discussing things here and  
start writing drafts.

>> You
>> might also want to require the critical bit to be set on those  
>> packets,
>> although that will impair interoperability.
> What do you mean with this? Require it by the RFC?

No, the critical bit means that you want an operation to be 100%  
correct or to fail. If there is any doubt in anyone's mind, you want  
the system to halt with an unrecoverable error.

Hal points out that this will mar interoperability.


>>> 4) In chapter 5.2.3.3 it is explicitly allowed that the key  
>>> expiration
>>> time is reset by a user (of course this cannot be prevented as the  
>>> key
>>> expiration time is no longer part of the key itself). Isn't this
>>> possibility comparable to revoke a revocation?
>>> I mean the creators states: "This key SHOULD NOT be used after <key
>>> expiration>." for example because he thinks an RSA786 key SHOULD no
>>> longer be used in 10 years. An attacker might simply revoke this
>>> (implicit) revocation by issuing a new self-signature with an  
>>> updated
>>> date.
>> If the attacker got the private key.
> What was the reason that the key expiration time was taken out of the
> key itself (I think it was there before?)?

Because in PGP 3, a number of attributes were moved to the self-sigs  
with the thought that you might have a key with different user ids and  
different features. For example, I might have a user id in which a  
cipher is allowed, and one in which it is not. You might also want to  
have different expirations on those user ids.

>>
> Well this would be great,.. I mean the current MAIN implementations of
> OpenPGP are probably GnuPG and PGP. I think David and Werner who
> represent GnuPG are reading this list and you, are you still at PGP
> Corporation?

Yes.

>
> Best wishes,
> Peter
>

To you too! It's nice to see enthusiastic new blood.

	Jon


-----BEGIN PGP SIGNATURE-----
Version: PGP Universal 2.6.3
Charset: US-ASCII

wj8DBQFJgfeksTedWZOD3gYRAmLQAKChmG6pgdkCdkZDIslxMEUupmLCQACgxAQj
H8YuyCyhFF697rSGw40BBBQ=
=+IVy
-----END PGP SIGNATURE-----

Follow-Ups:
- Re: Series of minor questions about OpenPGP 4
  - From: Peter Thomas

References:
- Re: Series of minor questions about OpenPGP 4
  - From: "Hal Finney"
- Re: Series of minor questions about OpenPGP 4
  - From: Peter Thomas

Prev by Date: Re: Ideas on new user attribute types and image formats
Next by Date: Re: Series of minor questions about OpenPGP 4
Previous by thread: Re: Series of minor questions about OpenPGP 4
Next by thread: Re: Series of minor questions about OpenPGP 4
Index(es):
- Date
- Thread