encrypting to expired certificates
mailinglisten at hauke-laging.de
Mon Sep 15 16:03:02 CEST 2014
Am Mo 15.09.2014, 15:12:31 schrieb Martin Behrendt:
> 2 arbitrary use cases:
> 1. One uses the expiration date as a reminder, to think about maybe
> updating it to new standards or what so ever. In this case, a warning
> when using an expired case is enough.
> 2. One lives in an hostile environment and it is possible that someone
> can retrieve his private-key/pass-phrase and prevents him from
> revoking the key. In this case preventing someone from sending you
> information which might harm your well being is a good thing.*
Some time ago one of the well-known users of this list wrote:
"Secure communication with noobs is impossible. Period." (or similar)
I have quoted this (offline) quite often. If you are communicating in a
hostile environment then you must know a lot about email security and
you must restrict your communication to people of this kind. It at least
improbable that capable users under this circumstances have not
etablished rules which cover this case. As security is more important
than availablility someone it that situation would make sure that he can
revoke the certificate (or that someone else can). And, of course, as
the expiration date will not happen to match the compromise date he
would tell his contacts about the problem and not just hope they will
not feel like sending something before... You could try to create an
even stranger scenario in which this is not possible but that would not
affect the points that rules have been made and that such people would
act very conservative (i.e. they need not be forced to) but another
quote comes to my mind:
Rob has pointed out several times recently that "PGP" means PRETTY GOOD
privacy not PERFECT privacy. It is OK that GnuPG is usable for quite
high levels but those "1 in 1,000" cases can obviously not (and are not)
the base for default settings – and impossibility is much harder than a
> Since the sender can't know how you use the expiration date I guess
> the more conservative approach is the safer one if you consider
> extreme cases like scenario 2.
Of course, the sender can know that. In most cases he doesn't, though.
But he can make a much better guess than we.
Do you think it is not safe enough to warn the user? Does this have to
be enforeced because of whatever? Only this protection but nothing else?
Shall the software tell the user "In all other cases you know better
than me but in this one I know better than you"?
Crypto für alle: http://www.openpgp-schulungen.de/fuer/unterstuetzer/
OpenPGP: 7D82 FB9F D25A 2CE4 5241 6C37 BF4B 8EEF 1A57 1DF5
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 490 bytes
Desc: This is a digitally signed message part.
More information about the Gnupg-users