Extending the key expiration date

David Shaw dshaw@jabberwocky.com
Wed Sep 5 21:20:01 2001


On Wed, Sep 05, 2001 at 01:47:46PM -0500, David Champion wrote:

> On 2001.09.05, in <20010905142745.A2054@akamai.com>,
> "David Shaw" <dshaw@jabberwocky.com> wrote:
> >
> > Sure, but you can revoke the key, which trumps the attacker :)
>
> But that requires a key update by any peer who already has your key
> locally cached, whereas an irrevocable key expiry does not. Expiry is
> a more reliable cap on key abuse in a deep network where you cannot
> send updates to every peer who's used your key... or it would be, if it
> weren't flawed. :)
It's the eternal conflict between ease-of-use and security. It's a handy feature to be able to extend the expiration date, but it is not as secure as an unchangeable expiration date set at key generation time. It would be nice if there was a way to support both and let the key owner decide. The spec does allow for nonrevocable signatures.. I wonder if a nonrevocable self-signature would be useful here to signal the implementation that it mustn't be changed. It isn't as secure as having the date in the key packet, but it would at least force the attacker to modify the key (replacing the original self-signature), and as you point out, that's not easy in a deep network. David -- David Shaw | dshaw@jabberwocky.com | WWW http://www.jabberwocky.com/ +---------------------------------------------------------------------------+ "There are two major products that come out of Berkeley: LSD and UNIX. We don't believe this to be a coincidence." - Jeremy S. Anderson