
Re: Why is privateKeyUsagePeriod deprecated?



"David A. Cooper" <david.cooper@xxxxxxxx> writes:

>It is my understanding that use of this extension was deprecated since,
>unless signed messages are timestamped by a trusted time stamping service,
>there is no way of determining when a message was signed. 

But the same thing applies to the overall cert validity time (as opposed to
just the PKUP) as well.  This doesn't seem like a very valid reason.

>Is there any reason that the PKI users you mention need to include this
>information in the certificate?  

Yes, because they want to use the signing key (relatively) short-term, but be
able to verify sigs using the public portion years after the private portion
has been retired/destroyed/lost/whatever.

>If there is a need to verify signatures for up to 7 years after the signature
>was generated, why not just institute a policy that all subscribers must
>rekey 7 years before the expiration of their certificates?  

Because it's unlikely that the CAs are going to modify their 1-year billing-
cycle-driven renewal process to handle long-term signing over 10- or 20-year
periods (and conversely I can't imagine users going through the hassle and
expense of re-certifying a bunch of keys year in year out just so someone else
can verify their sigs).  In any event the users don't want to keep the keys
around forever, they want to use the private keys for x amount of time but
still allow verification of the sigs generated with the keys 5x or 10x or 20x
later.

Peter.
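
The distinction discussed in this thread, as an added example that is not part of the original message or of any CA's or library's code: it decodes a privateKeyUsagePeriod extension value and checks a signature's trusted signing time against it, while checking the verification time against the certificate validity. The function names, the three-way result and the sample bytes are constructed for illustration, and the policy shown is one assumed reading of how a relying party would combine the two periods.

```python
from datetime import datetime, timezone

def _gt(raw: bytes) -> datetime:
    # Certificates carry GeneralizedTime as YYYYMMDDHHMMSSZ (UTC).
    t = datetime.strptime(raw.decode("ascii"), "%Y%m%d%H%M%SZ")
    return t.replace(tzinfo=timezone.utc)

def parse_pkup(der: bytes):
    """Decode the extension value (OID 2.5.29.16):
    SEQUENCE { notBefore [0] GeneralizedTime OPTIONAL,
               notAfter  [1] GeneralizedTime OPTIONAL }, IMPLICIT tags.
    Returns (not_before, not_after); handles short-form lengths only."""
    if len(der) < 2 or der[0] != 0x30 or der[1] != len(der) - 2 or der[1] > 0x7F:
        raise ValueError("not a short-form DER SEQUENCE")
    found, pos, last = {}, 2, 0x7F
    while pos < len(der):
        if pos + 2 > len(der):
            raise ValueError("truncated field")
        tag, length = der[pos], der[pos + 1]
        value = der[pos + 2 : pos + 2 + length]
        if tag not in (0x80, 0x81) or tag <= last or len(value) != length:
            raise ValueError("unexpected or malformed field")
        found[tag], last = _gt(value), tag
        pos += 2 + length
    if not found:
        raise ValueError("at least one of notBefore/notAfter is required")
    return found.get(0x80), found.get(0x81)

def evaluate(signed_at, verified_at, cert_validity, pkup):
    """signed_at must come from a trusted source such as a timestamp token;
    pass None when only the signer's own claimed time is available."""
    cert_nb, cert_na = cert_validity
    if not cert_nb <= verified_at <= cert_na:
        return "reject: certificate not valid at verification time"
    if signed_at is None:
        return "indeterminate: no trusted signing time to compare with PKUP"
    key_nb, key_na = pkup
    if (key_nb and signed_at < key_nb) or (key_na and signed_at > key_na):
        return "reject: signed outside private key usage period"
    return "accept"

def utc(y, m, d):
    return datetime(y, m, d, tzinfo=timezone.utc)

# Constructed sample: key usable for signing during 2000, cert valid for 20 years.
SAMPLE_PKUP = b"\x30\x22" + b"\x80\x0f20000101000000Z" + b"\x81\x0f20010101000000Z"
SAMPLE_CERT = (utc(2000, 1, 1), utc(2020, 1, 1))

if __name__ == "__main__":
    pkup = parse_pkup(SAMPLE_PKUP)
    for signed in (utc(2000, 6, 1), utc(2003, 6, 1), None):
        print(signed, "->", evaluate(signed, utc(2015, 6, 1), SAMPLE_CERT, pkup))
```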