(bug?) Revoked keys and past signatures

Daniel Kahn Gillmor dkg at fifthhorseman.net
Wed Feb 11 00:24:19 CET 2015


On Tue 2015-02-10 13:20:03 -0500, Hauke Laging wrote:
>> your certifications (whether local or exportable) themselves have a
>> timestamp in them.  It would be silly to certify a key and its user ID
>> after it was revoked by the owner; you'd be claiming "i believe that
>> right now this is the correct key", which is not the case.
>
> And who says that this is the statement? The RfC? I think that faking 
> cannot be a good idea in a crypto context. What if the signing key was 
> created after the revocation? What would that look like? It must be 
> possible for people who have only newer keys to make a "the owner of 
> this key is X" statement.

I suspect this is widely held to be the semantics of the "signature
created on" timestamp, based on the following two sections of RFC 4880:

5.2.3.4.  Signature Creation Time

   (4-octet time field)

   The time the signature was made.

   MUST be present in the hashed area.


5.2.3.10.  Signature Expiration Time

   (4-octet time field)

   The validity period of the signature.  This is the number of seconds
   after the signature creation time that the signature expires.  If
   this is not present or has a value of zero, it never expires.


The implication here is that the time of signature creation is the start
of the signature validity period.

>> I understand the semantics of what you're trying to do, but i'm not
>> sure that OpenPGP has syntax to represent it.
>
> I don't see any problem with the syntax. The problem is the lack of 
> semantic definition. The next OpenPGP version should address that at any 
> rate.

It sounds to me like you're asking for the standard to separate out
"signature creation time" from "signature validity start time".

This is an interesting proposal, and i can see why it would make sense
for this scenario.

I can also see it introducing a lot of subtle bugs in what is already a
very nuanced and subtle area (certificate timestamp checking; not just
in OpenPGP either -- the ongoing x.509 discussions about overlapping
windows of certificate validity).

I'm not sure about the tradeoffs here.

      --dkg
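
Added example, not part of the original message and not GnuPG code: a Python sketch that reads the two subpackets quoted above from a hashed subpacket area and derives the validity window under the reading that the creation time is its start. The function names and sample timestamps are constructed for illustration.

```python
# Added example: constructed data, not taken from any real key.
CREATION_TIME, EXPIRATION_TIME = 2, 3   # subpacket types, RFC 4880 5.2.3.4 / 5.2.3.10

def parse_subpackets(area):
    """Yield (type, critical, body) for each subpacket in a v4 subpacket area."""
    i = 0
    while i < len(area):
        first = area[i]
        if first < 192:                       # one-octet length
            length, i = first, i + 1
        elif first < 255:                     # two-octet length
            length = ((first - 192) << 8) + int.from_bytes(area[i + 1:i + 2], "big") + 192
            i += 2
        else:                                 # 255: four-octet length follows
            length = int.from_bytes(area[i + 1:i + 5], "big")
            i += 5
        if length < 1 or i + length > len(area):
            raise ValueError("truncated or malformed subpacket")
        # The length counts the type octet; its high bit is the critical flag.
        yield area[i] & 0x7F, bool(area[i] & 0x80), area[i + 1:i + length]
        i += length

def validity_window(hashed_area):
    """Return (start, end); end is None when the signature never expires."""
    created = lifetime = None
    for sp_type, _critical, body in parse_subpackets(hashed_area):
        if sp_type in (CREATION_TIME, EXPIRATION_TIME):
            if len(body) != 4:
                raise ValueError("time field must be 4 octets")
            value = int.from_bytes(body, "big")
            if sp_type == CREATION_TIME:
                created = value
            else:
                lifetime = value
    if created is None:
        raise ValueError("creation time MUST be present in the hashed area")
    # Absent or zero expiration means the signature never expires.
    return created, (created + lifetime if lifetime else None)

def starts_after(cert_area, revocation_area):
    """True if the certification's window opens at or after the revocation was made."""
    return validity_window(cert_area)[0] >= validity_window(revocation_area)[0]

def time_subpacket(sp_type, seconds):         # builds the constructed samples below
    return bytes([5, sp_type]) + seconds.to_bytes(4, "big")

REVOCATION = time_subpacket(CREATION_TIME, 1420070400)
CERT = time_subpacket(CREATION_TIME, 1423526400) + time_subpacket(EXPIRATION_TIME, 31536000)

if __name__ == "__main__":
    print(validity_window(CERT), starts_after(CERT, REVOCATION))
```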


