encrypting to expired certificates
Doug Barton
dougb at dougbarton.us
Tue Sep 16 17:59:58 CEST 2014
On 9/16/14 6:58 AM, Daniel Kahn Gillmor wrote:
> I've been in a situation where i'm sitting with a friend, talking about
> a project we're hoping to work on together, and i wanted to send them
> confidential information about the project to read later. I know they
> have an OpenPGP cert, so i fire up an e-mail, only to discover that
> their cert is expired (they don't use it often, and hadn't noticed).
>
> I point it out to them, they blush and say "yeah, that's on my laptop,
> which is fine, but it's at home. I'll update the expiration date when i
> get home".
I agree with Robert that symmetric encryption is your best bet, given
that you're sitting right there.
Meanwhile, all of the real world cases listed so far involve people who
have mismanaged their keys by not updating their expiration date. I'm
not sure that adding features to make that situation less painful is the
right direction to move.
I do like Werner's idea of moving the expiration date to the expert
menu. That would give us less instances of users twisting a knob just
because it's there.
Doug
More information about the Gnupg-users
mailing list