encrypting to expired certificates

Nicholas Cole nicholas.cole at gmail.com
Tue Sep 16 07:01:24 CEST 2014


On Tue, Sep 16, 2014 at 1:12 AM, Robert J. Hansen <rjh at sixdemonbag.org> wrote:
>> That does not seem like an argument to me for telling the user what
>> is best for him.
>
> Hauke, this entire argument is what I meant when I talked about gilding
> the lily repeatedly.  If you can find half a dozen *real users* who are
> being *really impacted* by this, I'd love to hear about them.  But so
> far, all the discussion is so hypothetical that it's hard for me to take
> it seriously.
>
> I get that you view the current situation as in need of changing.  I
> don't agree, and I won't agree until I see six real life users whose
> usage of GnuPG would be made significantly better by making this change.
>
> Until then, all I can do about this 'problem' is yawn.

^ The six-real-user test should really be applied to all features in
all software!

Hauke, you make one strong case and one weak one. Yes, I agree that
GnuPG already lets you override so many things, why shouldn't it let
you override this?  It's not exactly logical (though I think that one
can reconstruct the logic).  But you are on weak ground when you try
to say that expiration dates are only a warning, or draw a distinction
between 'strong' and 'weak' statements that a key should not be used.
That may be how you use them, and it may be that expiry dates on milk
are only warnings, but I have always read an 'expiry date' on a key to
mean 'Do not use after this date', just like an expiry date on an ID
card.  Yes, perhaps you do use them in other ways, but still.  I can
see you've hit a key-management problem. That is really the thing that
needs fixing, and if easy tools to do that are not available, then
they need to be.

Robert is right, I think. A little more 'policy', at least in the
sense of software assisting a shared sense of good practice, would
really help.

N.


