PGP/MIME considered harmful for mobile
ben at adversary.org
Mon Feb 28 08:35:17 CET 2011
On 28/02/11 4:35 PM, Grant Olson wrote:
> On 02/27/2011 11:48 PM, Ben McGinnes wrote:
>> Heh. Are you aiming for some kind of simultaneously expired and
>> accepted key? Schrödinger's Key, if you will.
> Yep, basically I will set my key to expire one day later and push it
> to the keyservers. I will intentionally not retrieve the updated
> expiration on my machines and continue to sign as usual. And see
> how long it takes people to catch on.
My guess is that it will probably take a while.
> I've always wondered how many people would actually realize a key
> has been revoked after publishing a revcert to the keyservers. If
> could undo a revocation, I'd do that instead. But I think a
> expiration is a good enough simulation. It should cause people to
> raise some eyebrows if they're refreshing their keyrings regularly.
This is the thing. I think a lot of people do tend to be quite lax
when it comes to refreshing keys from the keyservers.
> I've already got a date picked out. You've been warned... ;-)
This, of course, has reminded me that it has been a while since I've
refreshed my own keyrings, so I'm running that now.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 227 bytes
Desc: OpenPGP digital signature
More information about the Gnupg-users