encrypting to expired certificates

Robert J. Hansen rjh at sixdemonbag.org
Mon Sep 15 21:56:04 CEST 2014


> Where do you take that from?

From the plain meaning of the word, "expiration."

There's a half-finished liter of milk in my fridge that's now a week
past its expiration date.  (Yes, yes, I'm going to throw it out once I
get home...)

If you want, feel free to come by.  I'll pour you a glass of milk.
After all, an expiration date doesn't mean "don't use this," right?
It's only a number that's to be interpreted according to however someone
wants.

> But it is absolutely not OK to enforce this really not obvious
> interpretation on others.

As has already been explained elsewhere, this cannot be enforced.

It is not GnuPG's job to set policy: if you really need the ability to
encrypt to expired certificates, go right ahead and do it.  However,
there is something to be said for making people go through an additional
couple of hoops before shooting themselves in the foot.

> In other words: OpenPGP users are used to their statements being 
> (easily) ignored.

In the cases you made, I think GnuPG would be improved by removing those
options.  This argument really isn't a winner.


