The Call of the Open Sidewalk

From a place slightly to the side of the more popular path

User Tools

Site Tools

pgpfan:expire

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
pgpfan:expire [2023/09/19 12:56] – [My experience] The topic had changed. b.walzerpgpfan:expire [2026/03/10 19:06] (current) – [Cleaning up old keys] Shouldn't assume that reader shares my assumptions. b.walzer
Line 24: Line 24:
 A signing key allows a user to produce a signature that authenticates a message or document or a software archive in some context dependent way. A signing key allows a user to produce a signature that authenticates a message or document or a software archive in some context dependent way.
  
-I am not really sure what expiry could mean for the case of loss of the secret part of the key. In a paper context, a signature or seal is still considered valid even if the technical means to create such marks no longer exists. Even if you lose your pen or stamp, signatures made with the pen or stamp are still binding and relevant. In a PGP context, only the public part of the key is required to verify a signature. Expiring that public part seems arbitrary and pointless. It would just be confusing if all the already received email from a particular correspondent suddenly started showing up as anonymous (unsigned). It would make no sense for a signed software archive to suddenly be not signed. Signing key expiry goes against normal cultural assumption.+I am not really sure what expiry could mean for the case of loss of the secret part of the key. In a paper context, a signature or seal is still considered valid even if the technical means to create such marks no longer exists. Even if you lose your pen or stamp, signatures made with the pen or stamp are still binding and relevant. In a PGP context, only the public part of the key is required to verify a signature. Expiring that public part seems arbitrary and pointless. It would just be confusing if all the already received email from a particular correspondent suddenly started showing up as anonymous (unsigned). It would make no sense for a signed software archive to suddenly be not signed((Here a user asks if signing key expiry is a problem and receives no definite answer: [[https://lists.gnupg.org/pipermail/gnupg-users/2023-August/066668.html|nPth signature]])). Signing key expiry goes against normal cultural assumption.
  
 It might make sense for implementations to ignore expiry dates on keys used for verifying a signature and thus avoid the question of meaning in the first place. It might make sense for implementations to ignore expiry dates on keys used for verifying a signature and thus avoid the question of meaning in the first place.
Line 45: Line 45:
  
 Where the receiver and the sender are the same entity then that entity can choose whatever key they want, whenever they want. So encryption key expiry doesn't make sense for things like file encryption. It would be an inconvenience at best. Where the receiver and the sender are the same entity then that entity can choose whatever key they want, whenever they want. So encryption key expiry doesn't make sense for things like file encryption. It would be an inconvenience at best.
 +
 +So the point of this section is that key expiry only makes sense for encryption keys and then only for very rare circumstances. Default key expiry is likely to cause more trouble than it is worth.
  
 ====How TLS is different==== ====How TLS is different====
Line 133: Line 135:
 This is easier than key expiry and could be made into a one shot command with no required parameters. This is easier than key expiry and could be made into a one shot command with no required parameters.
  
-So the operators of a PGP key server could announce that they would delete older PGP identities based on this creation date. They could even send out reminder messages based on the embedded email address. If an identity ended up being deleted, the user's system would continue to operate based on the keys that existed at the end points. The result would be less surprising.+So the operators of a PGP key server could announce that they would delete older PGP identities based on this creation date. They might be able to send out reminder messages based on the embedded email address in some cases. If an identity ended up being deleted, the user's system would continue to operate based on the keys that existed at the end points. The result would be less surprising
 + 
 +My suggested scheme would require that key servers reject submitted keys with creation dates in the future. In the same sort of way, a scheme based on key expiry would have to reject keys with expiry dates too far in the future. That would create an awkward and not very transparent requirement for the user. 
 + 
 +If there were multiple key IDs then obviously the newest would be used.
  
 Doing things in terms of the age of the identity allows the entity that actually cares about old identities to decide on the retention period as opposed to the owner of the identity who has no reason to care. The concept of bringing the identity up to date is more straightforward for the user than getting them involved in deciding on an expiry date. Doing things in terms of the age of the identity allows the entity that actually cares about old identities to decide on the retention period as opposed to the owner of the identity who has no reason to care. The concept of bringing the identity up to date is more straightforward for the user than getting them involved in deciding on an expiry date.
Line 141: Line 147:
 I am not all that sure about the idea behind this. It seems that there is some thought that PGP key expiry might help a user keep their cryptography more up to date. When the user updates their key expiry time that might be a good time to also update their cryptography preferences but they might be distracted by, you know, the fact that their key(s) expired. If the implementation is set up to help/remind them then we have to ask the question: why wait for key expiry to do that? The implementation knows what encryption preferences and methods are in use. It could bring up the subject at any time, not some years in the future when the key gets around to expiring. I am not all that sure about the idea behind this. It seems that there is some thought that PGP key expiry might help a user keep their cryptography more up to date. When the user updates their key expiry time that might be a good time to also update their cryptography preferences but they might be distracted by, you know, the fact that their key(s) expired. If the implementation is set up to help/remind them then we have to ask the question: why wait for key expiry to do that? The implementation knows what encryption preferences and methods are in use. It could bring up the subject at any time, not some years in the future when the key gets around to expiring.
  
-How often does this sort of thing need to be updated anyway? My CAST5 encrypted files from 20 years ago are still secure today. Currently there does not seem to be any good reasons for routine key size increases(([[em:20482030|2048 Bit RSA and the Year 2030]])).+How often does this sort of thing need to be updated anyway? My CAST5 encrypted files from 20 years ago are still secure today. Currently there does not seem to be any good reason for routine key size increases(([[em:20482030|2048 Bit RSA and the Year 2030]])).
  
 [[pgpfan:index|PGP FAN index]]\\ [[pgpfan:index|PGP FAN index]]\\
pgpfan/expire.1695128196.txt.gz · Last modified: by b.walzer