On Fri, Jan 06, 2006 at 05:22:44AM +0100, Bernd Eckenfels wrote: > Nick Phillips <nwp@nz.lemon-computing.com> wrote: > > If the 2006 key takes (say) 15 months to compromise, then it is fine > > to use it to sign and verify the new key on 1/1/2007, so long as you > > perform that verification before March... > Or be able to proof the date of signing. The only way to be confident the signing date is X/Y/ZZZZ is to have had the key on that date -- otherwise someone can just set their clock back, sign it with that date, and pretend "oh yeah, I did sign it then, I just forgot to upload". > > IOW using the old key to sign the new key only requires that the old > > key be "good" at one point during the new year, whereas continuing to > > use the old key requires that it be "good" all year. > Yes, but it breaks a long term usage like web of trust. How so? In the long term you end up with "aj signed 2005, aj and 2005 signed 2006, 2005 is expired"; I don't think there's anything broken in that situation. We could potentially have the N key remain unexpired for the entire period the N+1 key is used; or maybe have overlapping keys, so that: 2006/01/01 - 2006/06/30: signed with 2006 key 2006/07/01 - 2006/12/31: signed with 2006 + 2007 key 2007/01/01 - 2007/06/30: signed with 2006 + 2007 key 2007/07/01 - 2007/12/31: signed with 2007 + 2008 key 2008/01/01 - 2008/06/30: signed with 2007 + 2008 key 2008/07/01 - 2008/12/31: signed with 2008 + 2009 key and in the event of a compromise, sign with: 2006, 2007, 2006-reissued, 2007-reissued on the basis that signing with the compromised 2006,2007 keys doesn't add security, but doesn't take it away either, and that the keys will be removed from the user's keyrings as part of a security update signed in the above manner. The above assumes keys represent one year, but are used for two years; having them represent 6 months instead would allow them to continue expiring after one year. Cheers, aj
Attachment:
signature.asc
Description: Digital signature