Retaining expired sigs

David Shaw dshaw at jabberwocky.com
Fri Mar 18 19:23:39 CET 2005


On Fri, Mar 18, 2005 at 12:30:32PM -0500, Jason Harris wrote:

> > It is not good design to hamper the majority of users to please the
> > minority of users who like to calculate key signing statistics.  In
> 
> Everyone who feels expiring signatures hamper their keys should
> raise the issue with those generating such burdensome signatures.

That's somewhat impractical.  Should we ban expiring signatures?  You
seem to have a problem with the GD because it issues fast-expiring
signatures, but many people use expiring signatures.  Even if people
issued 1-year signatures, there would be a problem eventually.

In the real world, we cannot control what other people generate.  The
best we can do is "be liberal in what we accept, and conservative in
what we generate".

> Furthermore, I don't see a lot of difference between expired signatures
> and superseded signatures, yet GPG doesn't (currently) throw away the
> latter:

There is a significant difference.  An expired signature is *expired*.
It's dead as Marley.  A superseded signature is very much alive, and
is used *unless something better is present*.

In GPG, an expiring (but not yet expired) signature will supersede an
earlier signature from the same signer.  Once this signature expires,
it still supersedes the earlier signature (thus effectively disabling
the original signature).  Thus you have a perfectly valid signature
that is disabled by an expired signature.  This is one of those
interesting areas of the trust model where things get fuzzy: it's not
clear what the semantics should be here, since it requires GPG to
guess what the signer "really meant" to say, and worse, guess this
without all the data at hand.

It gets messy very fast: if I sign a key with no expiration, then sign
it again with an expiration, then the second signature expires - is my
original signature still valid?  Maybe I actually revoked the first
signature, but the revocation packet isn't present right now, or was
stripped out by the key owner.  Maybe the second signature was a short
term signature because the original signature wasn't present at that
time.  Add to that the problems of packets being missing and bad
clocks, and it's a very fuzzy question indeed.

I recommend that if people want to replace an earlier signature with a
new, expiring, signature, they first revoke the earlier signature, and
only then issue the new expiring signature.  This way there are far
fewer questions as to the intent of the signer, and many fewer
opportunities for the trust code to guess wrong.

David
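A small model of the superseding rule described in the mail, and of the revoke-first recommendation, added here as an illustration; it is not GnuPG's code. The signer name, the day-based timeline and the `fall_back_to_older` switch are constructed for the example.

```python
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Sig:
    """One certification on a key by `signer` (constructed model; time in days)."""
    signer: str
    created: int
    expires: Optional[int] = None   # None: never expires
    revoked: bool = False           # True: a matching revocation packet is present

    def expired(self, now: int) -> bool:
        return self.expires is not None and now >= self.expires


def effective_signature(sigs: List[Sig], signer: str, now: int,
                        fall_back_to_older: bool = False) -> Optional[Sig]:
    """Pick the certification by `signer` that counts at time `now`.

    Default: the newest unrevoked signature supersedes all older ones from the
    same signer, even after it has expired (the behaviour the mail describes).
    fall_back_to_older=True: skip expired signatures and use the newest live
    one; this is the "guess what the signer meant" alternative, not GPG's rule.
    """
    candidates = sorted((s for s in sigs if s.signer == signer and not s.revoked),
                        key=lambda s: s.created, reverse=True)
    if fall_back_to_older:
        candidates = [s for s in candidates if not s.expired(now)]
    return candidates[0] if candidates else None


def certification_valid(sigs: List[Sig], signer: str, now: int,
                        fall_back_to_older: bool = False) -> bool:
    sig = effective_signature(sigs, signer, now, fall_back_to_older)
    return sig is not None and not sig.expired(now)


# Constructed timeline: a permanent signature on day 0, then an expiring one on day 10.
UNREVOKED = [Sig("alice", created=0), Sig("alice", created=10, expires=40)]
# Same timeline, but following the mail's advice: revoke the old signature first.
REVOKED_FIRST = [Sig("alice", created=0, revoked=True),
                 Sig("alice", created=10, expires=40)]

if __name__ == "__main__":
    for day in (20, 50):
        print(day,
              certification_valid(UNREVOKED, "alice", day),
              certification_valid(UNREVOKED, "alice", day, fall_back_to_older=True),
              certification_valid(REVOKED_FIRST, "alice", day))
```

On day 50 the unrevoked case is invalid under the superseding rule even though the day-0 signature never expired, while the fallback rule would call it valid; once the first signature is revoked, both rules agree.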
