encrypting to expired certificates

Doug Barton dougb at dougbarton.us
Tue Sep 16 00:24:58 CEST 2014


On 9/15/14 3:10 PM, Robert J. Hansen wrote:
>> What we do know is that at this time Hauke's correspondent is not in
>> control of her key, and as a result it's not safe to encrypt content
>> to it.
>
> Minor nit: it is not that we know Hauke's correspondent is not in
> control of her key -- it is that we do not know if she is.

In dkg's version of this particular conjecture he said, "his peer 
doesn't have the means to update the cert's expiration date right now." 
I think my conclusion, "she does not currently have control of her key" 
is reasonable, although I admit to a bit of hyperbole in order to make 
my version of the conjecture seem more dramatic. :)

OTOH, what scenario do you envision where not having the means to update 
the certificate does not translate into not having control of the key, 
even if on a temporary basis? I'm not saying that the key is compromised 
... simply that she does not have access to all the things she needs 
("secure" computer, the secret key, etc.) at this time. If you don't 
call that "not in control" what terminology do you think is more 
appropriate?

Doug




More information about the Gnupg-users mailing list