On 10/18/2012 07:39 PM, Daniel Kahn Gillmor wrote:
> get_times in ParsePGP.ml checks the subpacket type against
> ssp_exptime_id, which is set to 3 (which is correct, afaict [3]).
ah, looking a bit closer, i think i understand the situation here. when gpg sets the key expiration time, it does so by creating a key expiration subpacket (subpacket id 9) in the self-sig binding each User ID to the primary key. There is no signature expiration subpacket (subpacket id 3) in the self-sig which binds the User IDs to the key at all.

Unfortunately, the fix is not so simple as changing ssp_exptime_id from 3 to 9, since the two subpackets' values are measured differently. signature expiration subpackets are measured in seconds from the signature creation time, and key expiration subpackets are measured in seconds from key creation time.

looking deeper at the code and the spec, it looks like we can't possibly get expiration from v4 primary key packets themselves. So it looks like sks needs to trawl all associated self-sigs (uids and direct-key sigs, but not subkey binding signatures -- and i don't think user attribute self-sigs matter for this either, since at least one uid is mandatory but one uat is not) for key expiration times, and aggregate them somehow into a maximum? something like (in pseudocode):

    if pub.expires is None:
        for each pub.uids as uid:
            if uid.is_not_revoked:
                mss = get_selfsig_with_max_creation_time(uid.selfsigs)
                if mss.key_expiration is not None:
                    if pub.expires is None or pub.expires < mss.key_expiration:
                        pub.expires = mss.key_expiration
        for each pub.directsigs as dsig:
            if dsig.key_expiration is not None:
                if pub.expires is None or pub.expires < dsig.key_expiration:
                    pub.expires = dsig.key_expiration

i'm a little unsure of the logic about the direct signatures. perhaps it should just select the key expiration time from the most recent direct signature? If a direct signature gets made on a key at time T with a key expiration subpacket of X seconds from creation, and then another direct signature gets made at time T+1 with a key expiration subpacket of X-1 seconds from creation, should the resulting expiration be X or X-1? What if the newer direct signature has no key expiration subpacket at all?

--dkg
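The aggregation sketched in the message above, written out as an added Python example (this is not SKS code and not from dkg's post): it parses a hashed subpacket area, converts a key expiration subpacket (type 9) relative to key creation while ignoring the signature expiration subpacket (type 3), and then takes the maximum over the newest self-sig of each non-revoked UID plus every direct-key sig, exactly as the pseudocode does. The SelfSig record, the sp() helper and the sample subpacket areas are constructed for this example, and the "maximum over direct sigs" rule is the pseudocode's, which the message itself leaves open.

```python
import struct
from dataclasses import dataclass
SSP_SIG_EXPTIME = 3   # seconds after *signature* creation (RFC 4880 5.2.3.10)
SSP_KEY_EXPTIME = 9   # seconds after *key* creation (RFC 4880 5.2.3.6)

def parse_subpackets(area: bytes) -> dict:
    """Subpacket area -> {type: body}; 1-, 2- and 5-octet lengths, critical bit masked."""
    out, i = {}, 0
    while i < len(area):
        first = area[i]
        if first < 192:
            length, i = first, i + 1
        elif first < 255:
            length, i = ((first - 192) << 8) + area[i + 1] + 192, i + 2
        else:
            length, i = struct.unpack(">I", area[i + 1:i + 5])[0], i + 5
        out[area[i] & 0x7F] = area[i + 1:i + length]   # length counts the type octet
        i += length
    return out

@dataclass
class SelfSig:                 # constructed record, not SKS's own type
    created: int    # signature creation time, epoch seconds
    hashed: bytes   # raw hashed subpacket area

def key_expiry(sig: SelfSig, key_created: int):
    """Absolute expiry from subpacket 9 (relative to *key* creation), or None.
    Subpacket 3 is ignored on purpose: it is the signature's own expiry."""
    body = parse_subpackets(sig.hashed).get(SSP_KEY_EXPTIME)
    return None if body is None else key_created + struct.unpack(">I", body)[0]

def aggregate_expiry(key_created, uids, direct_sigs):
    """dkg's pseudocode: newest self-sig of each non-revoked UID plus every
    direct-key sig, keeping the largest expiry found; None if none carried one."""
    newest = [max(sigs, key=lambda s: s.created)
              for revoked, sigs in uids if not revoked and sigs]
    expires = None
    for sig in newest + list(direct_sigs):
        exp = key_expiry(sig, key_created)
        if exp is not None and (expires is None or expires < exp):
            expires = exp
    return expires

# Constructed sample data (not real key material); sp() builds a 1-octet-length subpacket.
def sp(kind, secs):
    return bytes([5, kind]) + struct.pack(">I", secs)
KEY_CREATED = 1_000_000
OLD = SelfSig(KEY_CREATED, sp(SSP_KEY_EXPTIME, 365 * 86400))   # key valid 1 year
NEW = SelfSig(KEY_CREATED + 100, sp(SSP_SIG_EXPTIME, 86400)    # re-signed later: 1-day
              + sp(SSP_KEY_EXPTIME, 730 * 86400))              # sig expiry, 2-year key expiry
UIDS = [(False, [OLD, NEW])]   # (revoked?, self-sigs) for one non-revoked UID
```

Reading subpacket 3 here would have made the key look like it expires one day after the newer self-sig; the type 9 value, measured from key creation, gives the two-year expiry instead.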
_______________________________________________
Sks-devel mailing list
Sks-devel@nongnu.org
https://lists.nongnu.org/mailman/listinfo/sks-devel