encrypting to expired certificates

Martin Behrendt martin-gnupg-users at dkyb.de
Mon Sep 15 15:12:31 CEST 2014

Am 15.09.2014 um 14:10 schrieb Hauke Laging:
> I agree. But expiration does not necessarily mean "don't use at all". 
> Expiration is not the same as revocation. This is not affected by the 
> fact that revocation may be impossible (private key lost and 
> compromised).
> The RfC is quite clear about revocations. It is not about expirations.
> http://tools.ietf.org/html/rfc4880#section-
> Expiration is a good feature. Handling expired keys in this way 
> discourages using expiration dates, though.

2 arbitrary use cases:

1. One uses the expiration date as a reminder, to think about maybe
updating it to new standards or what so ever. In this case, a warning
when using an expired case is enough.

2. One lives in an hostile environment and it is possible that someone
can retrieve his private-key/pass-phrase and prevents him from revoking
the key. In this case preventing someone from sending you information
which might harm your well being is a good thing.*

Since the sender can't know how you use the expiration date I guess the
more conservative approach is the safer one if you consider extreme
cases like scenario 2.


*This is probably highly theoretical, I don't know.

More information about the Gnupg-users mailing list