
Re: Series of minor questions about OpenPGP 4



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

>
> You still can say shut up and go away ;-)

On the contrary, I think you should start discussing things here and  
start writing drafts.

>> You might also want to require the critical bit to be set on those
>> packets, although that will impair interoperability.
> What do you mean with this? Require it by the RFC?

No, the critical bit means that you want an operation to be 100%  
correct or to fail. If there is any doubt in anyone's mind, you want  
the system to halt with an unrecoverable error.

Hal points out that this will mar interoperability.


>>> 4) In chapter 5.2.3.3 it is explicitly allowed that the key
>>> expiration time is reset by a user (of course this cannot be
>>> prevented as the key expiration time is no longer part of the key
>>> itself). Isn't this possibility comparable to revoking a revocation?
>>> I mean the creator states: "This key SHOULD NOT be used after <key
>>> expiration>." for example because he thinks an RSA786 key SHOULD no
>>> longer be used in 10 years. An attacker might simply revoke this
>>> (implicit) revocation by issuing a new self-signature with an
>>> updated date.
>> If the attacker got the private key.
> What was the reason that the key expiration time was taken out of the
> key itself (I think it was there before?)?

Because in PGP 3, a number of attributes were moved to the self-sigs  
with the thought that you might have a key with different user ids and  
different features. For example, I might have a user id in which a  
cipher is allowed, and one in which it is not. You might also want to  
have different expirations on those user ids.

>>
> Well, this would be great... I mean the current MAIN implementations of
> OpenPGP are probably GnuPG and PGP. I think David and Werner, who
> represent GnuPG, are reading this list, and you, are you still at PGP
> Corporation?

Yes.

>
> Best wishes,
> Peter
>

To you too! It's nice to see enthusiastic new blood.

	Jon


-----BEGIN PGP SIGNATURE-----
Version: PGP Universal 2.6.3
Charset: US-ASCII

wj8DBQFJgfeksTedWZOD3gYRAmLQAKChmG6pgdkCdkZDIslxMEUupmLCQACgxAQj
H8YuyCyhFF697rSGw40BBBQ=
=+IVy
-----END PGP SIGNATURE-----
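
The critical-bit behaviour discussed in this message, as an added example that is not part of the original post or of any implementation named in the thread: a parser for an OpenPGP signature subpacket area (layout per RFC 4880 section 5.2.3.1) that skips unknown non-critical subpackets and fails hard on unknown critical ones. The names `KNOWN`, `read_length` and `parse_subpackets` are hypothetical, only two subpacket types are handled, and the sample byte strings are constructed.

```python
import struct

# Subset of RFC 4880 subpacket types this sketch understands (both carry 4 octets).
KNOWN = {2: "signature_creation_time", 9: "key_expiration_time"}

class CriticalSubpacketError(ValueError):
    """An unrecognised subpacket had its critical bit (0x80) set."""

def read_length(buf, pos):
    """Decode the 1-, 2- or 5-octet subpacket length; return (length, next_pos)."""
    first = buf[pos]
    if first < 192:
        return first, pos + 1
    if first < 255:
        return ((first - 192) << 8) + buf[pos + 1] + 192, pos + 2
    return struct.unpack(">I", buf[pos + 1:pos + 5])[0], pos + 5

def parse_subpackets(area):
    """Return {name: value} for known subpackets, enforcing the critical bit."""
    out, pos = {}, 0
    while pos < len(area):
        try:
            length, pos = read_length(area, pos)
        except (IndexError, struct.error):
            raise ValueError("truncated subpacket length")
        # The length counts the type octet, so it must be at least 1.
        if length < 1 or pos + length > len(area):
            raise ValueError("malformed or truncated subpacket")
        type_octet, body = area[pos], area[pos + 1:pos + length]
        pos += length
        critical, sp_type = bool(type_octet & 0x80), type_octet & 0x7F
        name = KNOWN.get(sp_type)
        if name is None:
            if critical:  # "100% correct or fail": reject the whole signature
                raise CriticalSubpacketError(f"unknown critical type {sp_type}")
            continue      # unknown but not critical: ignore and carry on
        if len(body) != 4:
            raise ValueError(f"{name}: expected 4 octets, got {len(body)}")
        out[name] = struct.unpack(">I", body)[0]
    return out

# Constructed samples: critical key expiration (type 9, 31536000 s after key
# creation) followed by a subpacket of private/experimental type 100.
EXPIRY = bytes([0x05, 0x89, 0x01, 0xE1, 0x33, 0x80])
SAMPLE_NONCRITICAL = EXPIRY + bytes([0x02, 0x64, 0x00])  # type 100, bit clear
SAMPLE_CRITICAL = EXPIRY + bytes([0x02, 0xE4, 0x00])     # type 100, bit set
```

The second sample shows the interoperability cost raised in the thread: a receiver that does not know the subpacket type rejects the signature outright instead of ignoring the extra field.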