PGP/MIME considered harmful for mobile

Ben McGinnes ben at adversary.org
Mon Feb 28 08:35:17 CET 2011


On 28/02/11 4:35 PM, Grant Olson wrote:
> On 02/27/2011 11:48 PM, Ben McGinnes wrote:
>>
>> Heh.  Are you aiming for some kind of simultaneously expired and
>> accepted key?  Schrödinger's Key, if you will.
>>
> 
> Yep, basically I will set my key to expire one day later and push it
> to the keyservers.  I will intentionally not retrieve the updated
> expiration on my machines and continue to sign as usual.  And see
> how long it takes people to catch on.

My guess is that it will probably take a while.

> I've always wondered how many people would actually realize a key
> has been revoked after publishing a revcert to the keyservers.  If
> I could undo a revocation, I'd do that instead.  But I think an
> expiration is a good enough simulation.  It should cause people to
> raise some eyebrows if they're refreshing their keyrings regularly.

This is the thing.  I think a lot of people do tend to be quite lax
when it comes to refreshing keys from the keyservers.

> I've already got a date picked out.  You've been warned... ;-)

This, of course, has reminded me that it has been a while since I've
refreshed my own keyrings, so I'm running that now.


Regards,
Ben
