encrypting to expired certificates

Doug Barton dougb at dougbarton.us
Tue Sep 16 17:59:58 CEST 2014

On 9/16/14 6:58 AM, Daniel Kahn Gillmor wrote:
> I've been in a situation where i'm sitting with a friend, talking about
> a project we're hoping to work on together, and i wanted to send them
> confidential information about the project to read later.  I know they
> have an OpenPGP cert, so i fire up an e-mail, only to discover that
> their cert is expired (they don't use it often, and hadn't noticed).
> I point it out to them, they blush and say "yeah, that's on my laptop,
> which is fine, but it's at home.  I'll update the expiration date when i
> get home".

I agree with Robert that symmetric encryption is your best bet, given 
that you're sitting right there.

Meanwhile, all of the real world cases listed so far involve people who 
have mismanaged their keys by not updating their expiration date. I'm 
not sure that adding features to make that situation less painful is the 
right direction to move.

I do like Werner's idea of moving the expiration date to the expert 
menu. That would give us less instances of users twisting a knob just 
because it's there.


More information about the Gnupg-users mailing list