[Rpm-maint] [rpm-software-management/rpm] Ignore subkeys that are expired or cannot be used for signing (Issue #1911)

Justus Winter notifications at github.com
Wed Feb 23 12:35:12 UTC 2022


> We don't look at expiry dates on main keys, on purpose. How are subkeys different?

I suppose you do that so that old signatures still check out even after the issuing certificate expires, e.g. old distribution certificates.

Note that outright ignoring expiration times is not the best way to accomplish this.

A consequence of ignoring expiration times is that expired certificates can still issue new signatures. Imagine an old distribution signing key being exfiltrated after it is expired. Now, all installations that still have that old certificate in their set of trusted certificates will consider newly created signatures valid, even though their copy of the certificate says it is expired.

A better way is to look at the creation time of the signature you want to verify, then ask the question whether the certificate and its signing subkeys are valid at that point in time.

-- 
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/issues/1911#issuecomment-1048737744

Message ID: <rpm-software-management/rpm/issues/1911/1048737744 at github.com>
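
The two policies contrasted in the message above, as an added sketch that is not part of the original email and is not rpm's code. The structs, function names, the absolute `expires` field and the sample values are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Simplified model (assumption, not rpm's structures); times are Unix seconds. */
struct key { uint64_t id; int64_t created; int64_t expires; /* 0 = never */ bool can_sign; };
struct cert { struct key primary; const struct key *subkeys; size_t n_subkeys; };
struct sig { uint64_t issuer; int64_t created; };

/* A key is alive at time t if t falls in [created, expires). */
static bool key_alive_at(const struct key *k, int64_t t) {
    return t >= k->created && (k->expires == 0 || t < k->expires);
}

/* Look up the issuing key among the primary key and the subkeys. */
static const struct key *find_issuer(const struct cert *c, uint64_t id) {
    if (c->primary.id == id)
        return &c->primary;
    for (size_t i = 0; i < c->n_subkeys; i++)
        if (c->subkeys[i].id == id)
            return &c->subkeys[i];
    return NULL;
}

/* Policy A: expiration is ignored; any key in the certificate is accepted. */
bool accept_ignoring_expiry(const struct cert *c, const struct sig *s) {
    return find_issuer(c, s->issuer) != NULL;
}

/* Policy B: the certificate and the signing-capable issuing key must both
 * be alive at the signature's creation time, not at verification time. */
bool accept_valid_at_sig_time(const struct cert *c, const struct sig *s) {
    const struct key *k = find_issuer(c, s->issuer);
    if (k == NULL || !k->can_sign)
        return false;
    return key_alive_at(&c->primary, s->created) && key_alive_at(k, s->created);
}

/* Constructed sample data: signing subkey 0xB expired at t=2000. */
static const struct key demo_subkeys[] = { { 0xB, 1000, 2000, true } };
static const struct cert demo_cert = { { 0xA, 1000, 0, true }, demo_subkeys, 1 };
static const struct sig sig_old = { 0xB, 1500 };   /* made before expiry */
static const struct sig sig_late = { 0xB, 2500 };  /* made after expiry */

int main(void) { /* exit 0: old signature passes, late one fails under B */
    return !(accept_valid_at_sig_time(&demo_cert, &sig_old) &&
             !accept_valid_at_sig_time(&demo_cert, &sig_late));
}
```

Under policy B the old signature keeps verifying no matter how long ago the subkey expired, because the current time never enters the check.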