encrypting to expired certificates

Peter Pentchev roam at ringlet.net
Tue Sep 16 16:21:28 CEST 2014

On Tue, Sep 16, 2014 at 03:04:08PM +0100, Nicholas Cole wrote:
> Can anyone explain to me why one would want to continue using a key
> and yet not simply change the expiry date?  I really find all of the
> examples being given to be incredibly contrived.

Uhm, are you sure that you really mean to say "incredibly contrived" as
in "you guys must have tried your imagination really hard to come up
with these examples, none of which will happen in the real world", or do
you really mean "highly unlikely except in isolated use cases"?  Because
what people are showing you are real use cases, ones that have happened
with real people in the real world.  "Unlikely" and "isolated", yes, but
I wouldn't use "contrived" in this case.

> It takes no time at
> all these days to change the date and distribute the new key.  As I've
> said, if the tools to do this kind of thing easily do not exist, they
> need to be created.

The tools exist.  The issue - in most of the cases here - is that
sometimes people don't use all their PGP keys all the time and sometimes
it may happen that a key will be unused for months and the owner will
honestly not notice that (the system that the key resides on may not even
have been powered up for months).


Peter Pentchev  roam at ringlet.net roam at FreeBSD.org p.penchev at storpool.com
PGP key:        http://people.FreeBSD.org/~roam/roam.key.asc
Key fingerprint 2EE7 A7A5 17FC 124C F115  C354 651E EFB0 2527 DF13
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: </pipermail/attachments/20140916/52c464f7/attachment.sig>

More information about the Gnupg-users mailing list