encrypting to expired certificates

Nicholas Cole nicholas.cole at gmail.com
Mon Sep 15 19:25:47 CEST 2014


On Mon, Sep 15, 2014 at 6:19 PM, Robert J. Hansen <rjh at sixdemonbag.org> wrote:
>> Respectfully, Hauke, we just disagree on this.  But your last
>> comment raises a crucial point that I think has bugged OpenPGP for
>> far too long: the software we use for OpenPGP has actually been far
>> too liberal about letting people use "not valid" keys.
>
> If by "too liberal" you mean "it's possible to do it," then I don't see
> how to avoid it.  You'd need a trusted timestamp on the certificate and
> a trusted timestamp on the machine using the certificates, and trusted
> timestamps are a hard, *hard* problem.
>
> Yes, OpenPGP is quite permissive about letting people encrypt to expired
> certificates, but I think that's more a factor of it being incredibly
> hard to prevent it than it is any neglect on the part of the OpenPGP
> authors.

Sorry. I've confused two issues.  Yes, it is hard to enforce expiry
dates in a 'secure' way. I wasn't meaning to suggest it was something
OpenPGP should try to do.  I don't think we should make it easy to
ignore them, that's all.

No, the other issue I was pointing to was that many users (probably)
never bother to certify the keys of the people they communicate with
and just ignore the fact that the keys are invalid.  Because it is
easy (though unwise) to use PGP/GPG in this way, I don't think
developers have really paid enough attention to encouraging users to
certify the keys they are trying to use or to use keys that are in a
web of trust (nb. a web of trust not The Web Of Trust).  Instead,
we've actually had endless threads about when to 'sign' keys (only if
three passports produced that have been certified by unicorns etc.)
that are probably very off-putting to new users.


