0.9.0 expiration date: does not work

[Bodo Moeller]

Werner Koch <wk at isil.d.shuttle.de>:

>                    A warning is now displayed when you verify a
> signature whose keys has expired.

> It should not be possible to use an expired secret key - I have to
> implement this.

Warnings are absolutely O.K., but it *should* be possible to use
expired expired (signing or decryption) secret keys.  You might want,
however, to introduce a new option that must be used if an expired key
is to be used (so that the user won't do that unintentionally).

One reason is that I might want to decrypt messages that were
encrypted to a now expired key of mine (the expiry means only that
no-one is supposed to _en_crypt messages to that key any more).

Another reason is that operations that _are_ cryptographically
possible should also be possible with the software, if only to save
crypto novices from getting things wrong.  If a user wants it to be
impossible to use a certain secret key, then they'll have to delete
it; period.  (Similarly, there are utilities that allow deleting
recipients from an encrypted message and that allow adding real or
fake recipients to an encrypted message, where a "fake recipient" is
someone who purportedly can decrypt the message, but whose public-key
encrypted session key packet actually contains only garbage.  The
existence of such tools makes it clear that the "recipient list" of
some message does not necessarily mean that the original sender of the
message encrypted that message to exactly those recipients who are
listed. -- Well, at least I _think_ that there are such tools; if
no-one published such things by now, at least they are possible.)