Re: [openpgp] rfc3880bis - hard expiration time
On 04/27/2015 04:29 PM, Derek Atkins wrote:
> Unless you've removed support for V3 keys from your implementation
> then you effectively already have this implemented.
We removed support for v3 keys in OpenKeychain.
> You are correct that the current v4+self-sig-sub-packet does not
> prevent an attack where the private key gets compromised. That's
> exactly why some of us want to re-introduce key expiration in the
> key packet (ala v3). What it allows is the ability to say "this key
> cannot be used after date X". Even if an attacker gets the private
> key there is no way for them to change that.
> Of course, if an attacker does obtain the private key they could
> still sign stuff as of "date X-1". But eventually that stops
2,5 years on average until a key expires, even if you would argue
setting the expiry time to 6 months, it's enough time for an attacker
to misuse the key. I just don't see an attack scenario prevented by
having expiration dates.
As outlined before, I see soft expiration dates as a convenience
feature, not something that prevents attacks. Thus, hard expiration
makes no sense in my model.
Some argue that expiration helps invalidate old crypto, I disagree.
Using 512 bit RSA keys should be rejected by the client software, no
need to place expiration dates inside the key. This is actually
something we currently have on our TODO list for OpenKeychain.
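Added example, not part of the original message and not OpenKeychain code: a client-side check of the kind the message describes, which rejects short RSA keys (and v3 keys) when the public-key packet body is parsed instead of relying on an expiration date. The 2048-bit minimum, the function names and the sample key bodies are assumptions made for this example; the packet layout follows RFC 4880.

```python
import struct

RSA_ALGOS = {1, 2, 3}  # RSA encrypt-or-sign, encrypt-only, sign-only (RFC 4880, 9.1)
MIN_RSA_BITS = 2048    # assumed policy threshold, not a value from the thread


class KeyRejected(Exception):
    """Raised when a key fails the client-side policy."""


def read_mpi(buf, off):
    """Read one RFC 4880 MPI at off; return (integer, next offset)."""
    if off + 2 > len(buf):
        raise KeyRejected("truncated MPI header")
    (declared_bits,) = struct.unpack_from(">H", buf, off)
    end = off + 2 + (declared_bits + 7) // 8
    if end > len(buf):
        raise KeyRejected("truncated MPI body")
    return int.from_bytes(buf[off + 2:end], "big"), end


def check_public_key_body(body, min_bits=MIN_RSA_BITS):
    """Return (version, modulus_bits) for an acceptable key, else raise KeyRejected."""
    if len(body) < 6:
        raise KeyRejected("truncated key packet")
    version = body[0]
    if version != 4:  # v3 layout differs (validity days precede the algorithm octet)
        raise KeyRejected(f"unsupported key version {version}")
    algo = body[5]
    if algo not in RSA_ALGOS:
        raise KeyRejected(f"algorithm {algo} not covered by this example")
    n, _ = read_mpi(body, 6)
    bits = n.bit_length()  # measure the modulus itself, not the declared bit count
    if bits < min_bits:
        raise KeyRejected(f"RSA modulus is {bits} bits, minimum is {min_bits}")
    return version, bits


def make_body(version, bits, created=1430000000):
    """Constructed sample: key packet body with a placeholder modulus (not a real key)."""
    head = struct.pack(">BI", version, created)
    if version == 3:
        head += struct.pack(">H", 0)  # v3 carries validity days in the key packet
    mpis = b""
    for x in ((1 << (bits - 1)) | 1, 65537):
        mpis += struct.pack(">H", x.bit_length()) + x.to_bytes((x.bit_length() + 7) // 8, "big")
    return head + struct.pack(">B", 1) + mpis
```

Measuring the modulus rather than trusting the MPI's declared bit count means a key that pads a short modulus with leading zero bytes is still rejected.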