gpgsm and expired certificates

[Robert J. Hansen]

My previous email was pretty dry and impersonal.  This one is very personal.

> Isn't the NSA "a government based organisation?" Surely
> guilt-by-association renders every government based organisation just
> as nefarious as the NSA.

My current job is in software forensics -- discovering new ways to  
pull information off electronic media.  Most of the people funding  
research in this area are connected to the government somehow.  I  
would describe what a typical week for me entails but I'm pretty sure  
I would terrify and traumatize a good portion of the list.  (A great  
week for me is one in which I don't have to see, hear, or even think  
about, the three words, "Daddy, no, stop!")  But since some of my R&D  
funding comes from the government, I'm just as nefarious as the NSA.

John Moore III, who hasn't been seen on this list in ages, was always  
quite open about the fact he served in the Marine Corps attached to a  
signals intelligence unit at Fort Meade.  I'll let you do the math and  
figure out what three letter agency at Fort Meade does signals  
intelligence.  Apparently John's contributions to the GnuPG community  
mean nothing, because he's just as nefarious as the NSA.

Werner has taken money from the German government to do crypto-related  
software development.  Apparently Werner is just as nefarious as the  
NSA.

There are a lot of people on this list who have some kind of  
connection to the government.  Many of them -- us -- are deeply  
concerned about civil liberties, surveillance, and the future of  
liberty.  We are not your enemies and we do not deserve to be tarred  
with that brush.

You owe all of us an apology.