* Werner Koch:

> On Wed, 15 Feb 2012 23:22, [email protected] said:
>
>> implementations seem to interpret it as a hard limit. The V4 key
>> format has something which the OpenPGP specification calls an
>> "expiration date", but it's not really enforceable because it can be
>> stripped by an attacker and extended by someone who has access to the
>> private key, by creating a new self-signature. In this sense, the
>
> The first part of your claim is wrong. The expiration date can't be
> stripped by an attacker because it is bound by a self-signature to the
> key. The self-signature is mandatory for OpenPGP keys. In that sense
> it is the same as with the NotAfter date in X.509.
In X.509, certification signatures cover the value of the notAfter attribute. If I'm not mistaken, this is true for V3 keys as well. However, when a V4 key is signed, the certification signature does not cover the expiration date. The key holder (legitimate or not) can therefore arbitrarily extend the key lifetime, while keeping the key in the web of trust. This has advantages and disadvantages, of course.

_______________________________________________
cryptography mailing list
[email protected]
http://lists.randombit.net/mailman/listinfo/cryptography
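An added illustration of the point made in this reply (constructed Python, not code from the thread or from any OpenPGP implementation): it builds the digest that a V4 certification signs, following the RFC 4880 section 5.2.4 layout, over a constructed key packet body and user ID, with SHA-256 standing in for whatever hash the signature actually uses. The holder's Key Expiration Time subpacket lives in the self-signature's own hashed subpackets, so a third-party certification never takes it as input and keeps verifying after the holder reissues a self-signature with a later expiration.

```python
import hashlib
import struct

# Constructed sample data, not a real key: a stand-in V4 public-key packet body
# (version, creation time, algorithm id, dummy MPI bytes) and a user ID.
# A V4 key packet carries no expiration field, unlike a V3 packet.
KEY_BODY = b"\x04" + struct.pack(">I", 1329350400) + b"\x01" + b"\x00" * 32
USER_ID = b"Alice (constructed example) <alice@example.invalid>"

def subpacket(sp_type, body):
    """Encode one signature subpacket, one-octet length form (RFC 4880 5.2.3.1)."""
    assert len(body) + 1 < 192
    return bytes([len(body) + 1, sp_type]) + body

def certification_digest(sig_type, hashed_subpackets, key_body=KEY_BODY, user_id=USER_ID):
    """SHA-256 over what a V4 certification (0x10..0x13) signs (RFC 4880 5.2.4):
    the key packet body, the user ID and the signature's *own* hashed subpackets.
    Expiration only enters here if it sits in this signature's subpackets."""
    pubkey_alg, hash_alg = 1, 8  # RSA, SHA-256 (ids from RFC 4880 9.1 / 9.4)
    data = b"\x99" + struct.pack(">H", len(key_body)) + key_body
    data += b"\xb4" + struct.pack(">I", len(user_id)) + user_id
    hashed = bytes([4, sig_type, pubkey_alg, hash_alg])
    hashed += struct.pack(">H", len(hashed_subpackets)) + hashed_subpackets
    data += hashed + b"\x04\xff" + struct.pack(">I", len(hashed))
    return hashlib.sha256(data).hexdigest()

def self_signature_digest(expire_after_seconds, signed_at=1329350400):
    """Key holder's positive certification (0x13): carries Signature Creation
    Time (type 2) and Key Expiration Time (type 9) in its hashed subpackets."""
    sps = subpacket(2, struct.pack(">I", signed_at))
    sps += subpacket(9, struct.pack(">I", expire_after_seconds))
    return certification_digest(0x13, sps)

def third_party_digest(signed_at=1329436800):
    """Someone else's certification (0x10): its hashed subpackets hold only its
    own creation time; the holder's expiration subpacket is not among its inputs."""
    return certification_digest(0x10, subpacket(2, struct.pack(">I", signed_at)))

def extend_expiration(old_seconds, new_seconds):
    """Model the holder issuing a fresh self-signature with a later expiration.
    Returns (self_sig_digest_changed, third_party_cert_still_verifies)."""
    stored_third_party = third_party_digest()  # certification made before the change
    changed = self_signature_digest(old_seconds) != self_signature_digest(new_seconds)
    # A verifier recomputes the certification digest over the unchanged key and
    # user ID; the replaced self-signature does not enter that computation.
    still_valid = third_party_digest() == stored_third_party
    return changed, still_valid
```

The self-signature's digest changes with the expiration value, while the third-party certification's digest does not depend on it at all, which is exactly why the holder can move the expiration without leaving the web of trust.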
