encrypting to expired certificates

Nicholas Cole nicholas.cole at gmail.com
Mon Sep 15 20:43:13 CEST 2014


On Monday, 15 September 2014, Robert J. Hansen <rjh at sixdemonbag.org> wrote:

> > Sorry. I've confused two issues.  Yes, it is hard to enforce expiry
> > dates in a 'secure' way. I wasn't meaning to suggest it was
> > something openpgp should try to do.  I don't think we should make it
> > easy to ignore them, that's all.
>
> Well, I still respectfully disagree, because -- oh, that's a rant.
>
> Then again, when has something being a rant ever stopped me?
>
> Okay: hang tight for some heresy.
>
> (Snip)


> But if you want to start waving the banner of, "POLICY!  GET SOME!",
> well, the line starts behind me.  :)
>

I enjoyed that rant so much that I don't even mind that you have
misinterpreted what I said and attributed to me ideas I don't hold: for
which I'm prepared to take 50% of the blame!

Just for the record: all I've ever said in this thread is that I don't think
there is a compelling case to add an option to gpg to ignore expiration
dates. That's all. Although, gosh! It already lets users do so many silly
things perhaps one more doesn't matter.

Your rant was a good one. I agree with much of it. Frankly, as a community
we haven't developed the tools and culture that might have assisted users
to develop good policy and good practice.

I also despair a little. PGP made more sense, in some ways, in the
early 1990s when most home and business computers were offline most of the
time. Maybe not even then.  Nowadays, I'm not at all sure I would trust
openpgp to protect me if I were really worried about my privacy being under
any kind of targeted attack: frankly I can't think of an OS platform I
really trust to be secure, and if you can't trust the platform then all bets
are off. Even Apple, who have every incentive to do so and control of both
hw and sw, can't manage to keep their platforms secure.

Of course, an air gap might help, but that really is a very major hassle
and I don't have cause.

I'm interested in the user interface problems that OpenPGP presents. That's
kept my interest in it alive for all these years. I don't have any high
hopes it will ever be widely adopted though: for most people, most of the
time, there is limited benefit, if any.

Nicholas.