encrypting to expired certificates
Martin Behrendt
martin-gnupg-users at dkyb.de
Mon Sep 15 15:12:31 CEST 2014
On 15.09.2014 at 14:10, Hauke Laging wrote:
>
> I agree. But expiration does not necessarily mean "don't use at all".
> Expiration is not the same as revocation. This is not affected by the
> fact that revocation may be impossible (private key lost and
> compromised).
>
> The RfC is quite clear about revocations. It is not about expirations.
>
> http://tools.ietf.org/html/rfc4880#section-5.2.3.3
>
>
> Expiration is a good feature. Handling expired keys in this way
> discourages using expiration dates, though.
2 arbitrary use cases:
1. One uses the expiration date as a reminder, to think about maybe
updating it to new standards or whatsoever. In this case, a warning
when using an expired case is enough.
2. One lives in a hostile environment and it is possible that someone
can retrieve his private-key/pass-phrase and prevent him from revoking
the key. In this case preventing someone from sending you information
which might harm your well-being is a good thing.*
Since the sender can't know how you use the expiration date I guess the
more conservative approach is the safer one if you consider extreme
cases like scenario 2.
Greetings
Martin
*This is probably highly theoretical, I don't know.