On Nov 14, 2012, at 4:48 PM, Dean Willis wrote:
>
> On Nov 9, 2012, at 10:46 AM, Dean Willis wrote:
>
>> AD asks:
>>
>> section 7.4.2.2: If the signer's cert has expired, is a signature on a
>> stored value still considered valid or not? One issue is that if any
>> revocation/status checking is supported then there may not be any such
>> information available for expired certs. Another issue is that if you do
>> consider signatures only verifiable with non-expired certs, then a lot can
>> go wrong when a cert expires and it's hard to fix that up. I don't have a
>> good solution to offer, but maybe you have an answer?
>>
>> In the current doc, 7.1 says:
>> When signatures are verified, the current time MUST
>> be compared to the certificate validity period. However, it is
>> permitted to have a value signed which expires after a certificate's
>> validity period (though this will likely cause verification failure
>> at some future time.)
>>
>> I understand that some implementations flush any object for which the
>> signing certificate has expired; that is, the upper TTL for an object is the
>> remaining validity period for the signing certificate. This could be
>> enforced on insertion, or by audit/cleanup processes.
>>
>> How do we want to handle it?
>>
>>
>
> I met today with Cullen and EKR on this one.
>
> We agree that we need to clarify in 7.4.2.2 that a signature from an expired
> cert is not valid, and that implementations may garbage-collect data signed
> by expired certs at their discretion. We can add a back-reference to the
> validity testing section in 7.1.
Here's my submitted text:
<t>Note that there is no relationship between the validity
window of a certificate and the expiry of the data it is
authenticating. When signatures are verified, the current time
MUST be compared to the certificate validity period. Stored
data MAY be set to expire after the signing certificate's
validity period. Such signatures are not considered valid
after the signing certificate expires. Implementations may
garbage collect such data at their convenience, either purging
it automatically (perhaps by setting the upper bound on data
storage to the lifetime of the signing certificate) or by
simply leaving it in-place until it expires naturally and
relying on users of that data to notice the expired signing
certificate.</t>
--
Dean
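The two handling options in the proposed text (cap storage lifetime at the signing certificate's lifetime, or leave the data in place and have readers notice the expired signer) as an added, illustrative model; this is not code from the draft or the RELOAD implementations discussed, and the `Cert`, `StoredValue`, `store`, `fetch` and `gc_expired_signers` names are assumptions:

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Dict, List, Optional


@dataclass(frozen=True)
class Cert:
    not_before: datetime   # certificate validity window (assumed fields)
    not_after: datetime


@dataclass(frozen=True)
class StoredValue:
    payload: bytes
    expires: datetime      # expiry requested for the data itself
    signer: Cert           # certificate that signed the value


def utc(year: int, month: int, day: int) -> datetime:
    # Small helper so sample timestamps are unambiguous UTC instants.
    return datetime(year, month, day, tzinfo=timezone.utc)


def signature_time_valid(value: StoredValue, now: datetime) -> bool:
    # Proposed 7.4.2.2 rule: the current time is compared to the certificate
    # validity period; outside that window the signature is not valid, no
    # matter how far in the future the data's own expiry lies.
    return value.signer.not_before <= now <= value.signer.not_after


def store(db: Dict[str, StoredValue], key: str, value: StoredValue, now: datetime) -> bool:
    # Storing is allowed even when value.expires is past the signer's notAfter
    # (the "MAY" in the text), provided the signature verifies right now.
    if not signature_time_valid(value, now):
        return False
    db[key] = value
    return True


def effective_expiry(value: StoredValue) -> datetime:
    # Option 1: the upper bound on storage is the signing cert's lifetime.
    return min(value.expires, value.signer.not_after)


def gc_expired_signers(db: Dict[str, StoredValue], now: datetime) -> List[str]:
    # Option 1 enforced by an audit/cleanup pass; returns the purged keys.
    dead = [k for k, v in db.items() if effective_expiry(v) <= now]
    for k in dead:
        del db[k]
    return dead


def fetch(db: Dict[str, StoredValue], key: str, now: datetime) -> Optional[StoredValue]:
    # Option 2: data stays in place; the reader re-checks the signer's
    # validity window and treats a value with an expired signer as invalid.
    v = db.get(key)
    if v is None or not signature_time_valid(v, now):
        return None
    return v
```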
_______________________________________________
P2PSIP mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/p2psip