encrypting to expired certificates
Doug Barton
dougb at dougbarton.us
Mon Sep 15 21:22:58 CEST 2014
On 9/15/14 12:06 PM, Hauke Laging wrote:
> Am Mo 15.09.2014, 09:47:21 schrieb David Shaw:
>
>> >I disagree with this. Expiration is the way the key owner (the person
>> >who knows best whether the key should be used or not) tells the
>> >world, "Do not use this key after this date".
>>
> Where do you take that from? Neither the RfC uses this description nor
> GnuPG nor any GUI I know.
Hauke,
Is this perhaps a language issue? The common English meaning of the word
"expire" is that after the date listed the thing that expired is no
longer valid/good/useable/etc. As far as I can tell, everyone on this
list who responded to you had the same understanding, which is that
after the expiration date the key is no longer valid. (A view I share,
FWIW.)
Meanwhile, you're presenting the options for an expired key as "use the
key, or send plain text." There is a third, and I daresay significantly
more preferable option, which is to use OOB communication to ascertain
how the other party would like you to proceed.
Imagine this scenario ... Alice sets an expiration date on her key
because she knows that after that expiration date her key is:
1. Likely to be compromised
2. Certain to be compromised
3. No longer in her control
4. Is actually now in Mallory's control
5. Other
You have no way to know which of those scenarios is the case. Further
(assuming that you took the step of refreshing Alice's key) you have no
way to know why she did not update the expiry date.
In this situation, it is certainly NOT safe to use that key for
encryption, and in fact "Don't send the message at all" is almost
certainly the right answer, unless you can determine in some OOB manner
what Alice wants you to do.
So FWIW, I think that GnuPG is doing the right thing here, and you may
wish to reconsider your perspective on the issue.
hth,
Doug
More information about the Gnupg-users
mailing list