[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [openpgp] rfc3880bis - hard expiration time


Phillip Hallam-Baker <phill@xxxxxxxxxxxxxxx> writes:

> On Tue, Apr 28, 2015 at 11:59 AM, Christoph Anton Mitterer
> <calestyo@xxxxxxxxxxxx> wrote:
>> On Tue, 2015-04-28 at 11:36 -0400, Phillip Hallam-Baker wrote:
>>> On Tue, Apr 28, 2015 at 10:04 AM, Derek Atkins <derek@xxxxxxxxx> wrote:
>>> > Of course.  And in many use cases that's probably sufficient.  I see use
>>> > cases where it is not sufficient so I'd like to re-gain that feature.
>>> I think this is a use case but a distinct usecase from the usual
>>> interpretation of fingerprint on a businesscard.
>>> We need a range of fingerprints for different purposes and that is why
>>> I want to have the content-type to be part of the data that is being
>>> hashed.
>> Maybe it's just me but you seem to often mix up different topics...
>> What has the question of hard expiration times to do with the
>> fingerprint formats, content-types or fingerprint use cases?
> Derek and Jon are both discussing opposed use cases within OpenPGP
> scope. I am pointing out that we are discussing one special case of
> what should be a generic mechanism.
> While IETF charters are narrow, we are also supposed to be looking for
> ways to work with other IETF groups and make our work as useful as
> possible to other groups.
> Charter fetishes really don't help. Especially when we don't have a charter yet.
> Putting the MIME content type in the data to be digested is the right
> approach for OpenPGP and the right approach for IETF in general.

You are still, as Christoph pointed out, mixing topics.  I think we all
would appreciate it if you kept to the thread topics, or at least make
it clear how and why you are jumping ship.

On the face of it, talking about hard expiration times has NOTHING to do
with fingerprint formats.  It is, however, tangentially related only
because part of what Jon and I are discussing is whether the (OPTIONAL!)
hard expiration time should be in a portion of the data structure that
gets included in signature and fingerprint calculations.

Now, whether the user decides to use that optional feature is, of
course, up to the user.  If they choose not to (i.e., leave it at 0)
then the fingerprint (and signatures) would cover the key material
forever.  However if they DO decide to use the feature (and set an
expiration time) then the fingerprint would change if someone tried to
manipulate that expiration time (also invalidating all existing

<with my former chair hat on>
Still, this discussion is absolutely completely orthogonal to
fingerprint output formats, using text or image representations, or
whether to include a checksum in the (printed) fingerprint.  For these
types of discussions please use a different thread.
</...hat off>


> openpgp mailing list
> openpgp@xxxxxxxx
> https://www.ietf.org/mailman/listinfo/openpgp


       Derek Atkins                 617-623-3745
       derek@xxxxxxxxx             www.ihtfp.com
       Computer and Internet Security Consultant

openpgp mailing list