Robot CA at toehold.com
David Shaw
dshaw@jabberwocky.com
Thu Dec 5 21:08:01 2002
On Thu, Dec 05, 2002 at 11:30:13AM -0600, Kyle Hasselbacher wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On Thu, Dec 05, 2002 at 11:13:27AM -0500, David Shaw wrote:
> >On Thu, Dec 05, 2002 at 02:09:58PM +0100, Michael Nahrath wrote:
> >
> >> Verifying nothing but mail addresses can be valid for a limited time.
> >> Mail addresses change more often than real-life-identities.
> >> Your signature should reflect this in some way.
> >>
> >> Either you give signatures that expire after a certain time (eg 6 months).
> >> I don't know if this is possible and if it doesn't raise a bunch of
> >> compatibility problems.
> >> Or you let the signing key expire (eg after 1 year).
> >
> >Better to expire the signatures themselves. If you expire your
> >signing key, then everyone will have to get their key re-signed.
>
> I wanted to make signatures that expire, but I didn't see an obvious way to
> do it with GnuPG. If the key itself expires, it gives you the option of
> expiring your signature at the same time (and the robot does that), but I
> didn't see a way to set an arbitrary expiration date for a signature.
>
> I considered having the robot's key expire periodically, but I decided
> against it.
You know, now that I think about this some more, whether the key or
the sigs expire, people are going to have to get re-signed
periodically. (Let's say 1 year for the sake of argument). Given
that, it's not clear which is better:

1) Expire the robot's key every year.
2) Expire each signature the robot makes every year.
3) Both (if you're planning on doing #1, there is no harm expiring the
sigs at the same time). No real benefit either though.

#1 helps with the problem that the robot's key lives on a box
publicly available on the net. If that box gets cracked, then the
robot's key can be abused. This helps put a limit on the amount of
abuse possible (though you should still keep a revocation certificate
and revoke the key if necessary). The drawback is that everyone using
the system would need to get the new robot key each year.

#2 is good since it simplifies what the end user needs to do -
specifically, they don't need to fetch a new key each year to verify
these signatures.

Given that there must be a way to revoke and re-issue a robot's key
(for example, you've already had to do this once), I'm leaning towards
#1 or #3 now. Of course, I pulled the "1 year" time period out of
thin air.

Incidentally, the option you are looking for to make expiring
signatures is --ask-cert-expire.

David
--
David Shaw | dshaw@jabberwocky.com | WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
"There are two major products that come out of Berkeley: LSD and UNIX.
We don't believe this to be a coincidence." - Jeremy S. Anderson
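The expiring-certification approach (option #2 above) as an added, runnable example that is not part of the thread or of the toehold.com robot: a throwaway robot key certifies a user ID with a one-year expiry and the script then checks, from gpg's colon output, that the certification really carries an expiration date. It uses --default-cert-expire, the non-interactive counterpart of the --ask-cert-expire option mentioned above, needs GnuPG 2.1 or later, and the names, the example.invalid addresses and the 1y period are assumptions.

```shell
#!/bin/sh
# Added example, not code from the thread or the toehold.com robot.
# Runs entirely in a temporary GNUPGHOME so no real keyring is touched.
# Assumed: GnuPG 2.1+ (--quick-gen-key / --quick-sign-key), names below.

# Long key ID (field 5 of the "pub" record) of the key matching a user ID.
keyid_of() {
    gpg --with-colons --list-keys "$1" | awk -F: '$1 == "pub" { print $5; exit }'
}

# Primary fingerprint (field 10 of the "fpr" record) of the key matching a user ID.
fpr_of() {
    gpg --with-colons --list-keys "$1" | awk -F: '$1 == "fpr" { print $10; exit }'
}

# Create robot + user keys, certify with a 1-year expiry, then return 0 only
# if the robot's certification on the user's key carries an expiration date.
expiring_cert_demo() {
    GNUPGHOME=$(mktemp -d); export GNUPGHOME
    # Never prompt: batch mode plus loopback pinentry for the empty passphrases.
    printf 'batch\npinentry-mode loopback\n' > "$GNUPGHOME/gpg.conf"

    gpg --quiet --passphrase '' --quick-gen-key \
        'Robot CA (example) <robot@example.invalid>' default default never
    gpg --quiet --passphrase '' --quick-gen-key \
        'Alice (example) <alice@example.invalid>' default default never

    # --default-cert-expire is the batch form of --ask-cert-expire: every
    # certification made in this run expires one year after creation.
    gpg --quiet --passphrase '' --default-cert-expire 1y \
        --local-user "$(fpr_of robot@example.invalid)" \
        --quick-sign-key "$(fpr_of alice@example.invalid)"

    # "sig" records: field 5 is the signer's key ID, field 7 the expiry date.
    gpg --with-colons --check-sigs "$(fpr_of alice@example.invalid)" |
        awk -F: -v robot="$(keyid_of robot@example.invalid)" \
            '$1 == "sig" && $5 == robot && $7 != "" { ok = 1 } END { exit !ok }'
    status=$?

    gpgconf --kill gpg-agent 2>/dev/null
    rm -rf "$GNUPGHOME"; unset GNUPGHOME
    return $status
}

if command -v gpg >/dev/null 2>&1; then
    expiring_cert_demo && echo "robot certification carries an expiration date"
fi
```

Users who import the robot's key once can keep verifying newer certifications after the old ones lapse, which is the benefit the message attributes to option #2.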