Retaining expired sigs
Jason Harris
jharris at widomaker.com
Mon Mar 21 05:07:50 CET 2005
On Sun, Mar 20, 2005 at 08:36:09PM -0500, David Shaw wrote:
> On Sun, Mar 20, 2005 at 11:32:06PM +0100, Nicolas Rachinsky wrote:
> > What about different Levels (sig1..sig3) of signatures? If the first
> > one is sig3 and the second one sig1 and min-cert-level>1 there would
> > be a difference.
>
> Yes, this is exactly why I don't want to do what Jason suggested.
> That would imply allowing a sig1 (which is ignored) to override a
> non-revocable signature, implicitly "revoking" it.
0x11 sigs are ignored by GPG by default, yes, but for users who set
"--min-cert-level 0," 0x11 sigs are just as valid as all the others.
In that case, they can't be construed as implicity revoking sigs at
other levels.
Also, when "--min-cert-level 1" is in effect, I imagine GPG will
discard all 0x11 sigs, whether revocable or non-revocable. In that
case, a 0x11 sig. definitely can't even begin to implicity revoke sigs
at other levels.
On Sun, Mar 20, 2005 at 08:33:35PM -0500, David Shaw wrote:
> Ok, I see where you're coming from. You are correct: I do feel that a
> non-revocable signature must be a non-revocable + non-supercedable
> signature.
Noted.
> I feel it really needs to be this way to fulfil the spirit as well as
> the letter of the standard. There is little point to a non-revocable
> signature (described as "They represent a commitment by the signer
> that he cannot revoke his signature for the life of his key." in the
> spec) if that signature can be effectively revoked by superceding it
> with an unusable signature (say, one with an unusable hash algorithm).
Bad example. If a sig. can't be verified by the encryption client,
it must be disregarded and therefore can't supercede any other sigs.
> The nice thing (in terms of the 0x12/0x13 question) is that it doesn't
> matter: GPG doesn't interpret 0x12 any differently than 0x13. Thus
> (from the earlier example), it genuinely makes no difference if the
> 1-Jan-2000 signature is 0x12 and the 2-Jan-2000 signature is 0x13. So
> long as GPG interprets either of those as a signature with no
> qualifications, then there is no advantage or disadvantage to either
> signature being used. Either one is just "signature".
Again, bad example. "--min-cert-level 2" (no matter how ridiculous
you may personally find its use) will make GPG disregard 0x12 sigs.
I really don't think it is worth trying to protect against these
scenarios. A user can simply remove any non-revocable sigs they don't
want in their local keyring. This cannot be protected against and is
certainly not an act of revocation by the issuers of non-revocable sigs.
Lowering the sig. level initially set in a non-revocable sig. can never
"revoke" that sig. either, IMO (as my past messages should have made
clear), and even GPG's --min-cert-level doesn't create the conditions
for this to happen (as explained above).
> I just checked PGP 8.1 and the results were interesting.
>
> When importing a sig+expired sig set, PGP does what we ended up with:
> it strips the sig and leaves the expired sig.
OK.
> When importing a non-revoke-sig + revoked sig set, PGP doesn't strip
> anything, but does ignore the non-revokable sig (it isn't even visible
> in the GUI).
Gah! PGP 8.1 allows non-revocable sigs to be revoked?!
--
Jason Harris | NIC: JH329, PGP: This _is_ PGP-signed, isn't it?
jharris at widomaker.com _|_ web: http://keyserver.kjsl.com/~jharris/
Got photons? (TM), (C) 2004
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 309 bytes
Desc: not available
Url : /pipermail/attachments/20050320/74e936d1/attachment.pgp
More information about the Gnupg-users
mailing list