encrypting to expired certificates

Nicholas Cole nicholas.cole at gmail.com
Tue Sep 16 07:01:24 CEST 2014

On Tue, Sep 16, 2014 at 1:12 AM, Robert J. Hansen <rjh at sixdemonbag.org> wrote:
>> That does not seem like an argument to me for telling the user what
>> is best for him.
> Hauke, this entire argument is what I meant when I talked about gilding
> the lily repeatedly.  If you can find half a dozen *real users* who are
> being *really impacted* by this, I'd love to hear about them.  But so
> far, all the discussion is so hypothetical that it's hard for me to take
> it seriously.
> I get that you view the current situation as in need of changing.  I
> don't agree, and I won't agree until I see six real life users whose
> usage of GnuPG would be made significantly better by making this change.
> Until then, all I can do about this 'problem' is yawn.

^ The six-real-user test should really be applied to all features in
all software!

Hauke, you make one strong case and one weak one. Yes, I agree that
GnuPG already lets you override so many things, why shouldn't it let
you override this?  It's not exactly logical (though I think that one
can reconstruct the logic).  But you are on weak ground when you try
to say that expiration dates are only a warning, or draw a distinction
between 'strong' and 'weak' statements that a key should not be used.
That maybe how you use them, and it may be that expiry dates on milk
are only warnings, but I have always read an 'expiry date' on a key to
mean 'Do not use after this date', just like an expiry date on an ID
card.  Yes, perhaps you do use them in other ways, but still.  I can
see you've hit a key-management problem. That is really the thing that
needs fixing, and if easy tools to do that are not available, then
they need to be.

Robert is right, I think. A little more 'policy', at least in the
sense of software assisting a shared sense of good practice, would
really help.


More information about the Gnupg-users mailing list