setting expiration date changes primary UID (was: Re: GnuPG race causes misordered uids?
dshaw at jabberwocky.com
Tue May 27 19:11:02 CEST 2003
-----BEGIN PGP SIGNED MESSAGE-----
On Tue, May 27, 2003 at 10:29:35AM +0200, Marcus Brinkmann wrote:
> On Tue, May 27, 2003 at 09:30:19AM +0200, Werner Koch wrote:
> > On Tue, 27 May 2003 06:29:39 +0200, Marcus Brinkmann said:
> > > key. This reveals a completely unrelated bug in GPG. Setting the
> > > expiration date of a key changes the primary UID!
> > Its a feature not a bug. The primary UID is the one with the primary
> > uid flag set or in absence of this flag the UID with the newest
> > self-signature. Changing the expiration time creates a new
> > self-signature using the current time.
> So what happens, supposedly, is that the currently primary UID gets its self
> signature first, and then the others. As it happens, a new second begins
> between that and one of the secondary UIDs becomes primary UID then because
> they have newer self-signatures. Wonderful :)
I agree this isn't a bug, but at the same time I think that we should
change the behavior when setting an expiration date. While it is true
that if a user wants a particular uid to be primary, they should use
the primary uid flag, if they don't use such a flag, then we should at
least maintain the status quo when manipulating the key.
As things are now, the selection of primary user ID in a key without
the primary uid flag set is nondeterministic when the user changes the
expiration date. It violates the principle of least surprise.
I think it would be reasonable to ensure that the earliest user ID
before the "expire" command is still the earliest after the command.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3-cvs (GNU/Linux)
-----END PGP SIGNATURE-----
More information about the Gnupg-devel