Encrypting with an message expiration date

Mario Castelán Castro mariocastelancastro at gmail.com
Sun Jan 3 20:55:37 CET 2010 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Januarty 3rd 2010 in gnupg-users at gnupg.org thread "Encrypting with an
message expiration date"

"self-destructing data" is a big fallacy, is almost the same issue as
computer "virus".

There is no data/software (Software is data) that act by itself, it
should be interpreted to take an effect.  A "computer virus" is a
malware that you run accidentally.  From my old days with Windows I
remember those malware in CD-ROMs with an run.ini inside (Or something
similar) that tells W to run the malware.  That virus is not self
acting, just that operating system is designed to interpret those
run.ini.  Not even the Operating System is self acting, you instructed
the CPU to run it!.

> GnuPG-Users:
>
> Is there a way to force an expiration date when encrypting a message
> for additional security. I have a friend who is inquiring. I've
> already informed him of the "for his/her eyes only" option.

There is no real way to *enforce* an expiration data.  In the same
manner virusses don't act by itself, data don't self destructs, just
the user runs the program to enforce the expiration date without ever
notice.

They user may simply chose to not run the program or to copy the data
and put in a safe place like an DVD before it gets deleted.  There are
of course, methods that make this much more hard, and almost
impossible, like the ones currently used for DRM.

The only kinda effective way I see to efectiveley enforce data
deletion are IC with a storage of energy inside (Say, supercapacitor)
that destroys the data (Ethier by zeroizing it or to detonate an small
explosion to destroy the internal of the IC) when ethier the energy is
too low, someone try to open the IC or too many bad keys are entered.
This IC would be self acting of course, as it is a phisical object but
it would be very very expensive or maybe impossible to build and no
one warranty they can be found methods to deactivate the protection
methods without delete the data.

DRM-like software wouldn't be usefull at all as software can be run in
simulated enviroments and removed, and it may be morally unaceptable
but that depends on the exact use I think.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEAREIAAYFAktA8pcACgkQZ4DA0TLic4jWAwCdFV1sfexBOYUwIvYkeDZlySgm
l8gAn2vsJr/ln7sP4Ch1ySuSMZlgztLG
=gBku
-----END PGP SIGNATURE-----

More information about the Gnupg-users mailing list