encrypting to expired certificates

Hauke Laging mailinglisten at hauke-laging.de
Mon Sep 15 16:03:02 CEST 2014


On Mon 15.09.2014, 15:12:31 Martin Behrendt wrote:

> 2 arbitrary use cases:
> 
> 1. One uses the expiration date as a reminder, to think about maybe
> updating it to new standards or whatsoever. In this case, a warning
> when using an expired case is enough.
> 
> 2. One lives in a hostile environment and it is possible that someone
> can retrieve his private-key/pass-phrase and prevents him from
> revoking the key. In this case preventing someone from sending you
> information which might harm your well being is a good thing.*

Some time ago one of the well-known users of this list wrote:

"Secure communication with noobs is impossible. Period." (or similar)

I have quoted this (offline) quite often. If you are communicating in a 
hostile environment then you must know a lot about email security and 
you must restrict your communication to people of this kind. It is at least 
improbable that capable users under these circumstances have not 
established rules which cover this case. As security is more important 
than availability someone in that situation would make sure that he can 
revoke the certificate (or that someone else can). And, of course, as 
the expiration date will not happen to match the compromise date he 
would tell his contacts about the problem and not just hope they will 
not feel like sending something before... You could try to create an 
even stranger scenario in which this is not possible but that would not 
affect the points that rules have been made and that such people would 
act very conservatively (i.e. they need not be forced to) but another 
quote comes to my mind:

Rob has pointed out several times recently that "PGP" means PRETTY GOOD 
privacy not PERFECT privacy. It is OK that GnuPG is usable for quite 
high levels but those "1 in 1,000" cases can obviously not be (and are not) 
the base for default settings – and impossibility is much harder than a 
default setting.


> Since the sender can't know how you use the expiration date I guess
> the more conservative approach is the safer one if you consider
> extreme cases like scenario 2.

Of course, the sender can know that. In most cases he doesn't, though. 
But he can make a much better guess than we.

Do you think it is not safe enough to warn the user? Does this have to 
be enforced because of whatever? Only this protection but nothing else? 
Shall the software tell the user "In all other cases you know better 
than me but in this one I know better than you"?


Hauke
-- 
Crypto for everyone: http://www.openpgp-schulungen.de/fuer/unterstuetzer/
http://userbase.kde.org/Concepts/OpenPGP_Help_Spread
OpenPGP: 7D82 FB9F D25A 2CE4 5241 6C37 BF4B 8EEF 1A57 1DF5