Time conflicts not checked on subkey signatures?

David Shaw dshaw at jabberwocky.com
Mon Nov 15 01:39:32 CET 2004


On Fri, Nov 12, 2004 at 12:41:11PM +0100, Holger Sesterhenn wrote:
>  Hi,
> 
> I have done some research on how gnupg handles time conflicts between
> signature packets and public key packets/public subkey packets.
> 
> Signatures are checked in g10/sig-check.c.
> 
> do_check_messages() compares the public key packet timestamp and the
> signature packet timestamp. The error code "G10ERR_TIME_CONFLICT" is not
> set anywhere else in sig-check.c.
> 
> The function check_key_signature2() calls do_check_messages() via
> do_check(). The subkey packet is just hashed but not checked for time
> conflicts.
> 
> You can see the problem with this key:
> 
> ./gpg --with-colon --fingerprint --fixed-list-mode --check-sig
> 
> (GnuPG 1.3.6, 1.2.4 looks slightly different, I hope the output is not
> that much crippled)
> 
> pub:r:1024:17:131E92BF5A16ADD7:936832137:::-:::sca:
> fpr:::::::::02A3BC00358327E518CEA199131E92BF5A16ADD7:
> rev:!::17:131E92BF5A16ADD7:949365009::::RavingCow
> <ravingcow at hotmail.com>:20x:
> uid:r::::942521984::9AAA48F52CA77FF628A75CB8BD913287A0DCBD68::RavingCow
> <ravingcow at hotmail.com>:
> sig:?::17:F8601C136A6CF305:943903355:::::10x:
> rev:%::17:131E92BF5A16ADD7:943631147::::[unknown signature class] :28x:
> rev:%::17:131E92BF5A16ADD7:944264133::::[unknown signature class] :28x:
> sig:!::17:131E92BF5A16ADD7:942521984::::RavingCow
> <ravingcow at hotmail.com>:10x:
> sig:?::17:83CAAC2837AA3A5B:943575352:951783352::::10x:
> uid:r::::936832137::62BA3AFE78F6DCD72279A4F934C8AD45FD547D68::David
> Greenaway <vbkid at rocketmail.com>:
> sig:?::17:F8601C136A6CF305:943793261:::::10x:
> rev:%::17:131E92BF5A16ADD7:943631147::::[unknown signature class] :28x:
> rev:%::17:131E92BF5A16ADD7:944264133::::[unknown signature class] :28x:
> sig:!::17:131E92BF5A16ADD7:936832137::::RavingCow
> <ravingcow at hotmail.com>:10x:
> sig:?::17:83CAAC2837AA3A5B:943575352:951783352::::10x:
> sig:?::1:2CCA5AD654E87F1B:949364968::1 120:::10x:
> sub:r:1024:16:97EF615D82E6AFC4:936832142::::::e:
> sig:!::17:131E92BF5A16ADD7:936832142::::RavingCow
> <ravingcow at hotmail.com>:18x:
> rev:!::17:131E92BF5A16ADD7:943631147::::RavingCow
> <ravingcow at hotmail.com>:28x:
> sub:r:2048:16:B65DC362D7433511:942462001:946522801:::::e:
> sig:-::17:131E92BF5A16ADD7:936832142::::RavingCow
> <ravingcow at hotmail.com>:18x:
> rev:!::17:131E92BF5A16ADD7:944264133::::RavingCow
> <ravingcow at hotmail.com>:28x:
> sig:!::17:131E92BF5A16ADD7:942522219::::RavingCow
> <ravingcow at hotmail.com>:18x:
> sub:i:2048:16:066E0F3E0BDA77F9:946609201:::::::
> sub:r:4096:16:141ED9B26ED48A96:942462001:946522801:::::e:
> sig:-::17:131E92BF5A16ADD7:936832142::::RavingCow
> <ravingcow at hotmail.com>:18x:
> sig:!::17:131E92BF5A16ADD7:942522407::::RavingCow
> <ravingcow at hotmail.com>:18x:
> 
> sub:r:4096:16:EAE3081B816B7B04:946609201:954385201:::::e:
> sig:-::17:131E92BF5A16ADD7:936832142::::RavingCow
> <ravingcow at hotmail.com>:18x:
> sig:!::17:131E92BF5A16ADD7:943632086::::RavingCow
> <ravingcow at hotmail.com>:18x:
>    
> ^^^^^^^^ Signature creation date is older than subkey creation date.
> 
> sub:i:4096:16:D0743C0946315695:946609201:::::::
> sig:-::17:131E92BF5A16ADD7:936832142::::RavingCow
> <ravingcow at hotmail.com>:18x:
> rev:-::17:131E92BF5A16ADD7:943631147::::RavingCow
> <ravingcow at hotmail.com>:28x:
> rev:-::17:131E92BF5A16ADD7:944264133::::RavingCow
> <ravingcow at hotmail.com>:28x:
> 
> I know that this key is crippled but nevertheless the revoke signature
> on the subkey should not be treated as valid.

I'm not sure if I agree with this.  To be sure, the revocation
signature is dated before the subkey itself, but since the subkey is
required to generate the revocation signature in the first place, one
(or both) of the dates are wrong.

People revoke keys for a reason.  I don't think it is good to
un-revoke a key because someone's clock was wrong...

David
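
An added example, not part of either message and not GnuPG code: a Python check over a colon-delimited listing like the one quoted above, reporting every signature or revocation on a subkey whose timestamp is earlier than that subkey's creation time. The sample listing, key IDs and user ID are constructed; field positions follow the records shown in the quoted output, and timestamps are assumed to be epoch seconds. It only reports the conflict and leaves the decision about validity to the reader.

```python
# Constructed sample in the same record layout as the quoted listing.
SAMPLE = """\
pub:r:1024:17:AAAAAAAAAAAAAAAA:936832137:::-:::sca:
uid:r::::936832137::0000000000000000000000000000000000000000::Constructed User <user@example.org>:
sig:!::17:AAAAAAAAAAAAAAAA:936832137::::Constructed User <user@example.org>:10x:
sub:r:1024:16:BBBBBBBBBBBBBBBB:936832142::::::e:
sig:!::17:AAAAAAAAAAAAAAAA:936832142::::Constructed User <user@example.org>:18x:
rev:!::17:AAAAAAAAAAAAAAAA:943631147::::Constructed User <user@example.org>:28x:
sub:r:4096:16:CCCCCCCCCCCCCCCC:946609201:954385201:::::e:
sig:!::17:AAAAAAAAAAAAAAAA:943632086::::Constructed User <user@example.org>:18x:
rev:!::17:AAAAAAAAAAAAAAAA:944264133::::Constructed User <user@example.org>:28x:
"""


def subkey_time_conflicts(listing):
    """Return one tuple per sig/rev record dated before its subkey:
    (subkey_id, record, check_status, sig_class, sig_time, subkey_time)."""
    conflicts = []
    subkey = None  # (key ID, creation time) of the subkey currently in scope
    for line in listing.splitlines():
        f = line.split(":")  # colons inside user IDs are escaped by gpg
        rec = f[0]
        if rec in ("pub", "uid", "uat"):
            subkey = None  # signatures that follow belong to the primary key
        elif rec == "sub":
            ok = len(f) > 5 and f[5].isdigit()
            subkey = (f[4], int(f[5])) if ok else None
        elif rec in ("sig", "rev") and subkey and len(f) > 10 and f[5].isdigit():
            sig_time = int(f[5])
            if sig_time < subkey[1]:
                conflicts.append(
                    (subkey[0], rec, f[1], f[10], sig_time, subkey[1]))
    return conflicts


if __name__ == "__main__":
    for kid, rec, status, cls, s_t, k_t in subkey_time_conflicts(SAMPLE):
        print(f"{kid}: {rec} {cls} [{status}] dated {s_t}, "
              f"{k_t - s_t}s before subkey creation {k_t}")
```

In the constructed sample both flagged records carry the `!` status, which is the situation the thread is about: the signature verifies even though its date precedes the subkey's.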


