
Re: [openpgp] details of 4880bis work

On Wed, Apr 15, 2015 at 8:39 PM, Christoph Anton Mitterer
<calestyo@xxxxxxxxxxxx> wrote:
> On Wed, 2015-04-15 at 14:01 -0700, Jon Callas wrote:
>> There was also a mention somewhere of removing the timestamp from the
>> fingerprint, and that's what I really want to comment on.
>> When 2440 started, removing the timestamp was one of the things I
>> wanted to do. However, it's not such a bad thing. If you make a
>> fingerprint merely be a function of the key (it has no variable data),
>> then you lose the ability to alias the key, which is actually useful.
> I think the main problem with the valid from/through dates not being a
> part of the fingerprint is the following:
> A user may intentionally want to limit his key for security reasons,
> e.g. he makes a 1024 bit and wants to make sure that no one is
> using/trusting it after two years anymore.

That is an important requirement but putting the time info into the
fingerprint is not the only way to address it.

Operating PKIX, the lifetime of root keys and root certs is very
different. Rolling over a root with the same key is common. The
principal application of fingerprints is analogous to a root.

That said, if we hash <content-type> + <data> rather than just <data>,
there is no need to commit to a single approach now.

> That's why I think that creation and expiration times should be
> immutable once the key has been created; at least not without
> invalidating all signatures (i.e. those from other users).

At that point we are authenticating a self-signed cert, not just the
key, and the dynamics are different.

openpgp mailing list
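An added example, not from this thread, sketching the design space discussed above: a fingerprint that is a pure function of the key material stays stable when the same key is re-issued (the aliasing/rollover case), one that commits to the creation time does not, and length-prefixing a content-type tag before the data, as proposed in the reply, keeps the two variants from ever colliding. The hash algorithm, tag names, timestamps and key bytes are constructed assumptions, not OpenPGP's actual encoding.

```python
import hashlib
import struct

# Constructed stand-in for public-key material (NOT a real OpenPGP key packet).
SAMPLE_KEY = b"\x01" + bytes(range(64))


def fingerprint_key_only(key_material: bytes) -> str:
    """Fingerprint as a pure function of the key: no variable data."""
    return hashlib.sha256(key_material).hexdigest()


def fingerprint_with_time(key_material: bytes, creation_time: int) -> str:
    """Fingerprint that also commits to a 32-bit creation timestamp."""
    return hashlib.sha256(struct.pack(">I", creation_time) + key_material).hexdigest()


def fingerprint_tagged(content_type: bytes, data: bytes) -> str:
    """Hash <content-type> + <data>. The type is length-prefixed so that
    (b'ab', b'c') and (b'a', b'bc') cannot produce the same digest."""
    h = hashlib.sha256()
    h.update(struct.pack(">H", len(content_type)))
    h.update(content_type)
    h.update(data)
    return h.hexdigest()


def rollover_demo(key_material: bytes, old_time: int, new_time: int) -> dict:
    """Re-issue the same key with a new creation time and compare schemes."""
    return {
        # Stable across rollover: the key can be aliased / rolled with same key.
        "key_only_stable": fingerprint_key_only(key_material)
        == fingerprint_key_only(key_material),
        # Changes on rollover: old fingerprint no longer names the new cert.
        "time_bound_changes": fingerprint_with_time(key_material, old_time)
        != fingerprint_with_time(key_material, new_time),
        # Tagging keeps the two encodings in separate domains even for equal bytes.
        "tags_separate": fingerprint_tagged(b"key", key_material)
        != fingerprint_tagged(b"key+ctime", key_material),
    }


if __name__ == "__main__":
    print(rollover_demo(SAMPLE_KEY, 1429142400, 1492214400))  # constructed times
```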