encrypting to expired certificates

[Peter Lebbing]

On 16/09/14 12:52, Martin Behrendt wrote:
> But as far as I know, in the US it says "Best before" to avoid that
> confusion and make clear that this product is probably still good, some
> time after that date.

In the Netherlands, we have both. "Expiration" means the food might be
spoiled and you could get sick if you eat it. "Best before" means it
might taste less, or have a different texture, simply: it won't be the
same quality.

So I'm aware of the difference.

Milk definitely has an expiration date. I happily use it beyond that,
when it looks good. It's a reasonably apt comparison because it is easy
to judge if milk is still good, just like you can confirm out of band
that a key is still good.

I'm fully aware that normally, a key shouldn't be used beyond it's
expiration. But there can be perfectly good reasons to use it anyway,
unlike a revoked key. Just like you can send an e-mail encrypted to a
key that doesn't bear that e-mail address in it's UID's, because you
know the recipient actually has more e-mail addresses than UID's. This
example was, to my surprise, mentioned in this thread as something you
shouldn't be allowed to do either.

Peter.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>