encrypting to expired certificates

Hauke Laging mailinglisten at hauke-laging.de
Mon Sep 15 18:13:22 CEST 2014


Am Mo 15.09.2014, 14:33:55 schrieb Nicholas Cole:

> The
> expiry date is there exactly so that users do not have to explicitly
> revoke keys.

I doubt that this is the common interpretation of this feature.

One of the effects of expiration is that you can recognize (non-
compromised) dead keys. 


> Or do you think one should be able to encrypt to
> revoked keys too?

That is already easily possible: You can delete the revocation 
signature. That's it.

There are even cases in which I would consider that. If a revocation 
signature says that the key has been replaced then there is no reason to 
consider it unsafe. If I cannot verify the new key then it might be a 
good idea to use the revoked one.

However, that is not the point. As a revocation is a MUCH stronger 
statement than an expiration (key revocations are hardly superseded but 
it is normal that the key validity period is extended) you cannot 
reasonably argue that the same behaviour should be applied to both.

But the general rule applies here, too: A low level tool has to tell the 
user or higher level application what they need to know and has to let 
THEM decide how to react. A low level tool should provide every action 
that is possible. Not in the meaning that every possible action should 
be implemented but in that that nothing is absolutely prevented.


> I can't see any justification for encrypting to a key past its expiry
> date.  Either your correspondent is in a position to update the key,
> or he/she isn't.  In the latter case, the key should not be used.

OK, reality check. The reason for this thread is that a friend has sent 
an encrypted email to me yesterday. I could not reply to that because 
his certificate has expired (two weeks ago, one year after creation, 
because I set this expiration date).

I have created his certificate. That is an offline mainkey and he is 
probably not capable (or willing) to extend the validity period. He is 
not going to replace the key. It is not considered compromised. We(?) 
even talked on the phone today.

It is far from a serious assessment of the situation to claim that the 
key owner want me not to use this key any more. And this situation is 
far less strange than the other ones offered in this thread.

If you set an expiration date (no matter whether with GnuPG or the well-
known GUIs) then the software does not tell you that senders were not 
allowed / not capable to use this key after that date. It says something 
about "How long shall it be valid?".


Hauke
-- 
Crypto für alle: http://www.openpgp-schulungen.de/fuer/unterstuetzer/
http://userbase.kde.org/Concepts/OpenPGP_Help_Spread
OpenPGP: 7D82 FB9F D25A 2CE4 5241 6C37 BF4B 8EEF 1A57 1DF5
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 490 bytes
Desc: This is a digitally signed message part.
URL: </pipermail/attachments/20140915/cff0e09a/attachment.sig>


More information about the Gnupg-users mailing list