keybase · maxtaco · Apr 4, 2018 · Apr 3, 2018 · Apr 4, 2018
diff --git a/go/libkb/expire_times.go b/go/libkb/expire_times.go
@@ -0,0 +1,18 @@
+package libkb
+
+// HonorPGPExpireTime determines whether expiration time on PGP sigs should be honored
+// during sigchain playback. For now, we don't see any reason not to, but we might
+// find a situation in the future that makes PGP expiration times
+// hard to work around. Return the expiration time (in seconds after the UTC Epoch)
+// to "honor" it, and "0" to ignore it. So honor it.
+func (g *GlobalContext) HonorPGPExpireTime(t int64) int64 { return t }
+
+// HonorSigchainExpireTime determines whether expiration time on sigchain links should
+// be honored or ignored. When keybase first started in 2014, there were some links
+// that were intended to expire in 5 years. With the benefit of 5 years of expirience,
+// we can now see little security rationale for this expiration, but tons of churn
+// if we decided to force key rotations. So return "0" to mean we no longer will
+// expire these keys automatically. They can of course be explicitly revoked. If you
+// fork this client, feel free to return "t" meaning yes, honor the expiration time
+// advertised in the sigchain. -- MK 2018.04.03
+func (g *GlobalContext) HonorSigchainExpireTime(t int64) int64 { return int64(0) }
diff --git a/go/libkb/keyfamily.go b/go/libkb/keyfamily.go
@@ -38,7 +38,8 @@ const (
 	ComputedKeyInfosV1             ComputedKeyInfosVersion = ComputedKeyInfosVersion(1)
 	ComputedKeyInfosV2             ComputedKeyInfosVersion = ComputedKeyInfosVersion(2)
 	ComputedKeyInfosV3             ComputedKeyInfosVersion = ComputedKeyInfosVersion(3)
-	ComputedKeyInfosVersionCurrent                         = ComputedKeyInfosV3
+	ComputedKeyInfosV4             ComputedKeyInfosVersion = ComputedKeyInfosVersion(4)
+	ComputedKeyInfosVersionCurrent                         = ComputedKeyInfosV4
 )
 
 // refers to exactly one ServerKeyInfo.
@@ -359,6 +360,7 @@ func (cki ComputedKeyInfos) InsertServerEldestKey(eldestKey GenericKey, un Norma
 		// For now, we continue to honor the foo_user@keybase.io etime in the case
 		// there's no sigchain link over the key to specify a different etime.
 		match, ctime, etime := pgp.CheckIdentity(kbid)
+		etime = cki.G().HonorPGPExpireTime(etime)
 		if match {
 			kid := eldestKey.GetKID()
 			eldestCki := NewComputedKeyInfo(kid, true, true, KeyUncancelled, ctime, etime, "" /* activePGPHash */)
@@ -389,7 +391,7 @@ func (ckf ComputedKeyFamily) InsertEldestLink(tcl TypedChainLink, username Norma
 	// We don't need to check the signature on the first link, because
 	// verifySubchain will take care of that.
 	ctime := tcl.GetCTime().Unix()
-	etime := tcl.GetETime().Unix()
+	etime := ckf.G().HonorSigchainExpireTime(tcl.GetETime().Unix())
 
 	eldestCki := NewComputedKeyInfo(kid, true, true, KeyUncancelled, ctime, etime, tcl.GetPGPFullHash())
 	eldestCki.DelegatedAt = tm
@@ -638,15 +640,16 @@ func (cki *ComputedKeyInfos) Delegate(kid keybase1.KID, tm *KeybaseTime, sigid k
 
 	cki.G().Log.Debug("ComputeKeyInfos#Delegate To %s with %s at sig %s", kid.String(), signingKid, sigid.ToDisplayString(true))
 	info, found := cki.Infos[kid]
+	etimeUnix := cki.G().HonorSigchainExpireTime(etime.Unix())
 	if !found {
-		newInfo := NewComputedKeyInfo(kid, false, isSibkey, KeyUncancelled, ctime.Unix(), etime.Unix(), pgpHash)
+		newInfo := NewComputedKeyInfo(kid, false, isSibkey, KeyUncancelled, ctime.Unix(), etimeUnix, pgpHash)
 		newInfo.DelegatedAt = tm
 		info = &newInfo
 		cki.Infos[kid] = info
 	} else {
 		info.Status = KeyUncancelled
 		info.CTime = ctime.Unix()
-		info.ETime = etime.Unix()
+		info.ETime = etimeUnix
 	}
 	info.Delegations[sigid] = signingKid
 	info.DelegationsList = append(info.DelegationsList, Delegation{signingKid, sigid})