PGP/MIME considered harmful for mobile

Grant Olson kgo at grant-olson.net
Mon Feb 28 06:35:58 CET 2011


On 02/27/2011 11:48 PM, Ben McGinnes wrote:
> On 28/02/11 2:59 PM, Grant Olson wrote:
>>
>> I've been toying with the idea of expiring my key and seeing how
>> long it takes for anyone to notice.  In fact, I've just decided I
>> will do this sometime in the next year.  It'll be interesting to see
>> how long it takes people to notice even after I've announced my
>> intentions.
> 
> Heh.  Are you aiming for some kind of simultaneously expired and
> accepted key?  Schrödinger's Key, if you will.
> 

Yep, basically I will set my key to expire one day later and push it to
the keyservers.  I will intentionally not retrieve the updated
expiration on my machines and continue to sign as usual.  And see how
long it takes people to catch on.

I've always wondered how many people would actually realize a key has
been revoked after publishing a revcert to the keyservers.  If could
undo a revocation, I'd do that instead.  But I think a expiration is a
good enough simulation.  It should cause people to raise some eyebrows
if they're refreshing their keyrings regularly.

I've already got a date picked out.  You've been warned... ;-)

-- 
-Grant

"Look around! Can you construct some sort of rudimentary lathe?"

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 565 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20110228/875dc30a/attachment.pgp>


More information about the Gnupg-users mailing list