On Fri, Jan 06, 2006 at 05:22:44AM +0100, Bernd Eckenfels wrote:
> Nick Phillips <nwp@nz.lemon-computing.com> wrote:
> > If the 2006 key takes (say) 15 months to compromise, then it is fine
> > to use it to sign and verify the new key on 1/1/2007, so long as you
> > perform that verification before March...
> Or be able to proof the date of signing.
The only way to be confident the signing date is X/Y/ZZZZ is to have
had the key on that date -- otherwise someone can just set their clock
back, sign it with that date, and pretend "oh yeah, I did sign it then,
I just forgot to upload".
> > IOW using the old key to sign the new key only requires that the old
> > key be "good" at one point during the new year, whereas continuing to
> > use the old key requires that it be "good" all year.
> Yes, but it breaks a long term usage like web of trust.
How so? In the long term you end up with "aj signed 2005, aj and 2005
signed 2006, 2005 is expired"; I don't think there's anything broken in
that situation.
We could potentially have the N key remain unexpired for the entire
period the N+1 key is used; or maybe have overlapping keys, so that:
2006/01/01 - 2006/06/30: signed with 2006 key
2006/07/01 - 2006/12/31: signed with 2006 + 2007 key
2007/01/01 - 2007/06/30: signed with 2006 + 2007 key
2007/07/01 - 2007/12/31: signed with 2007 + 2008 key
2008/01/01 - 2008/06/30: signed with 2007 + 2008 key
2008/07/01 - 2008/12/31: signed with 2008 + 2009 key
and in the event of a compromise, sign with:
2006, 2007, 2006-reissued, 2007-reissued
on the basis that signing with the compromised 2006,2007 keys doesn't
add security, but doesn't take it away either, and that the keys will
be removed from the user's keyrings as part of a security update signed
in the above manner.
The above assumes keys represent one year, but are used for two years;
having them represent 6 months instead would allow them to continue expiring
after one year.
Cheers,
aj
Attachment:
signature.asc
Description: Digital signature