encrypting to expired certificates

Doug Barton dougb at dougbarton.us
Tue Sep 16 00:02:14 CEST 2014

On 9/15/14 1:52 PM, Daniel Kahn Gillmor wrote:
> I think Hauke is explaining that he is already in this third case; he
> figured out what was wrong (his peer doesn't have the means to update
> the cert's expiration date right now, but does not believe the key is
> compromised), and is now trying to get to the "proceeding" part.

So let's practice some argumentum ad absurdum. Let's say that I'm 
Hauke's correspondent, and I set an expiration date on my key because I 
felt there was a legitimate concern that myself, my key, or both were 
going to come under the control of a hostile entity. Now that worst case 
scenario has actually occurred, and it is no longer safe for anyone to 
send me encrypted communications using that key. But HALLELUJAH!, I'm 
safe because the software honors the spec and will not allow Hauke to 
encrypt to my key because it is expired.

"But Doug, that's ridiculous! Hauke's correspondent already told him 
that it's safe." Well of course she did, because that's what the hostile 
entity TOLD her to say. :)

Now that scenario has a lot of potential holes in it, so please don't 
waste electrons arguing how plausible it is or is not. The point I'm 
trying to make is simply that we don't know what we don't know. What we 
do know is that at this time Hauke's correspondent is not in control of 
her key, and as a result it's not safe to encrypt content to it.


More information about the Gnupg-users mailing list