encrypting to expired certificates

Nicholas Cole nicholas.cole at gmail.com
Mon Sep 15 15:33:55 CEST 2014


On Mon, Sep 15, 2014 at 1:10 PM, Hauke Laging
<mailinglisten at hauke-laging.de> wrote:

>> If a key has an expiry
>> date, GPG can be very very certain that that key should not be used
>
>> You can't make assumptions for the reason a key has an expiry date.
>
> Do you think these two statements are consistent?

>> It could be that after that date it would be insecure to send
>> encrypted data to that key.
>
> How is that possible without anything encrypted to this key before the
> expiration date becoming insecure, too? If a key has become insecure
> then it is to be revoked.

I don't know.  If a key says on it "You can use this key for these
email addresses up until this date" I think that tools SHOULD NOT use
the key beyond that date or for other email addresses.  I think in the
case of the expiry date, I'd see a strong case for MUST NOT.  The
expiry date is there exactly so that users do not have to explicitly
revoke keys.  Or do you think one should be able to encrypt to revoked
keys too?

I do see a difference with merely NOT VALID keys, because those keys
might be checked using some external trust system, though it is bad
practice 99% o the time, I suspect.

I can't see any justification for encrypting to a key past its expiry
date.  Either your correspondent is in a position to update the key,
or he/she isn't.  In the latter case, the key should not be used.



More information about the Gnupg-users mailing list