Encrypting with an message expiration date
Robert J. Hansen
rjh at sixdemonbag.org
Mon Jan 4 07:17:06 CET 2010
> Morten Gulbrandsen wrote:
>> Allen Schultz wrote:
>>> Is there a way to force an expiration date when encrypting a message
>>> for additional security.
There are, as near as I can tell, only three options: either (a) you
trust the sender's clock, (b) you trust the recipient's clock, or (c)
you trust a third-party clock.
Once you know which clock the system is trusting, attack the clock.
Subvert and/or impersonate it, rewind time back, and view the message again.
Every time-based security scheme I've found has had this failure mode.
It seems to be impossible to avoid.
More information about the Gnupg-users