[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Series of minor questions about OpenPGP 4
-----BEGIN PGP SIGNED MESSAGE-----
> You still can say shut up and go away ;-)
On the contrary, I think you should start discussing things here and
start writing drafts.
>> might also want to require the critical bit to be set on those
>> although that will impair interoperability.
> What do you mean with this? Require it by the RFC?
No, the critical bit means that you want an operation to be 100%
correct or to fail. If there is any doubt in anyone's mind, you want
the system to halt with an unrecoverable error.
Hal points out that this will mar interoperability.
>>> 4) In chapter 22.214.171.124 it is explicitly allowed that the key
>>> time is reset by a user (of course this cannot be prevented as the
>>> expiration time is no longer part of the key itself). Isn't this
>>> possibility comparable to revoke a revocation?
>>> I mean the creators states: "This key SHOULD NOT be used after <key
>>> expiration>." for example because he thinks an RSA786 key SHOULD no
>>> longer be used in 10 years. An attacker might simply revoke this
>>> (implicit) revocation by issuing a new self-signature with an
>> If the attacker got the private key.
> What was the reason that the key expiration time was taken out of the
> key itself (I think it was there before?)?
Because in PGP 3, a number of attributes were moved to the self-sigs
with the thought that you might have a key with different user ids and
different features. For example, I might have a user id in which a
cipher is allowed, and one in which it is not. You might also want to
have different expirations on those user ids.
> Well this would be great,.. I mean the current MAIN implementations of
> OpenPGP are probably GnuPG and PGP. I think David and Werner who
> represent GnuPG are reading this list and you, are you still at PGP
> Best wishes,
To you too! It's nice to see enthusiastic new blood.
-----BEGIN PGP SIGNATURE-----
Version: PGP Universal 2.6.3
-----END PGP SIGNATURE-----