[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Problems with v4 key packet format



On Wednesday 21 September 2005 23:26, Hal Finney wrote:
> This is a good point, I'll have to think about it.  I'm still not
> sure that covering this material with key fingerprints and keyids is
> the right thing to do.  What would the security threats be from being
> able to bring a key back to life with the same fingerprint and keyid,
> but without any signatures on it being valid?

It becomes a threat once you get hold of the private key (through some 
accident, a data leak, whatever) because then you can also issue new 
self-signatures.

I see two possibilities to limit the damage: 

a) changing the expiration also changes the fingerprint, so the key does no 
longer match whatever users have in their keyring and would basically be a 
new key. 

b) changing the expiration breaks ALL signatures (not only self-sig) on the 
key. (Actually b must be implemented as well, when a is implemented.)

On the other hand: expiration dates are a very weak measure against key 
abuse (they only limit the damage), un-revocable revocation sigs seem much 
more effective to me.



	Konrad

Attachment: pgpAHnrwBWTm5.pgp
Description: PGP signature