encrypting to expired certificates

Robert J. Hansen rjh at sixdemonbag.org
Mon Sep 15 21:30:23 CEST 2014


> I enjoyed that rant so much that I don't even mind that you have 
> misinterpreted what I said and attributed to me ideas I don't hold: 
> for which I'm prepared to take 50% of the blame!

Okay, I apparently misread.  I'm sorry about that.  It really annoys me
when people misread me, and I suspect you feel likewise.

> [F]rankly I can't think of an OS platform I really trust to be 
> secure, and if you can't trust the platform then all bets are off.
> Even Apple, who have every incentive to do so and control of both hw
> and sw, can't manage to keep their platforms secure.

There's an old saw about a drunken man who's leaning up against a
streetlamp while looking around for his keys.  A passer-by halfway down
the block finds the keys and takes them to the drunk.

"Why were you looking for them under the streetlamp if you lost them
down the block?" the passer-by asks.

The drunk answers, "I may have lost 'em down the block, but the
streetlamp I need to lean against is right here!"

I often think that's how many of us treat GnuPG.  Securing
communications is *hard*.  Tool development, which is only one part of
the equation, is easily-definable and quite tractable.  And rather than
say, "okay, the easily-definable and quite tractable part is done to an
acceptable level, now let's tackle the hard stuff," we instead have a
tendency to shout "No!  3DES shouldn't be a mandatory cipher!  It's
weak!  And oh God we're using 2048-bit keys by default and that's a
disaster!  And we don't support larger than 4096-bit keys!  And..."

Rather than tackle the Herculean problem of pulling the weeds from the
garden, we insist on gilding all the lilies... and then gilding them
again and again and again, because "there's still so much work to do."
All the while, the weeds keep growing.

So, yeah.  Violent agreement here.  I see a community that's obsessed
with gilding the lily again and again, and that has been very resistant
to suggestions that we need to broaden our perspective.


