encrypting to expired certificates

Sam Gleske sam.mxracer at gmail.com
Tue Sep 16 18:12:22 CEST 2014

This is a resent because I accidentally mailed Peter Lebbing directly
without the mailing list.

Allow me to lay to rest all the confusion in this thread.

On Tue, Sep 16, 2014 at 6:45 AM, Peter Lebbing <peter at digitalbrains.com>

> I wanted to encrypt a document to myself on an offline system[1].
> However, that copy of my own key was expired, and it wouldn't do it. I
> was in a bit of a hurry, trying to get things done. Now, I had to get a
> USB drive, start another computer, export my updated key, and import it
> on the offline system. If I had --expert followed by yes to an "Are you
> sure?" prompt, I would have done that and updated the copy when I had
> more time.

Not really sure where you're going with this.  It has already been
*established* that if you're the key owner you can adjust the expiration
date of the key.  I think there's a lot of confusion around the intention
of a floating expiration here.  Expiring keys have the following function:

Expiring local copies of public keys on other peoples' computers to force
them to get a public key update from the owner.  That is to say that if I
have Peter Lebbing's public key and it has expired that means I must reach
out to Peter Lebbing for the latest copy of the public key of the exact
same fingerprint.  Expiration in this context does not mean the key is
forever invalid.  It means that *my copy* is invalid until I get a more
recent update from Peter Lebbing.  That just means Peter Lebbing would have
changed the expiration date of his public key and extended it.  So when I
get his new expiration date that is the time in which I must reach out to
him next for another public key update of the same finger print.

This protects both the key owner and correspondent in a couple ways.

1) If I have an expired key and I check to see what the latest key is of
Peter Lebbing, he may have revoked it.  In this case it forced me to go out
and check and see that it was revoked so I *must* not use this key again.
He can give me his new key with proper WoT validation.
2) If Peter Lebbing as a key owner loses his key and my local public key of
Peter Lebbing expires then the next time I reach out to Peter Lebbing for
the latest key copy he can tell me he, in fact, lost the key and give me a
new one with proper WoT validation.

To bring this full circle: the expiration date's purpose is to force users
of any public key to periodically check with the key owner that the public
key is still valid.


So if a key is expired I *must* not encrypt with it.  I *should* instead
reach out to the key owner and ask for their latest public key of the same
fingerprint which would have a new adjusted expiration date.  This ensures
I'm not encrypting to a compromised key, a revoked key, or a key in which
the owner lost the private key.

If you're the owner of a key that has an expired date, you *should* extend
it to allow further use of the key by your contacts.  If you decide you
don't want to use the key any longer then you *should* revoke the key.  If
you accidentally lose your key then no worries, because eventually it will
expire and nobody could encrypt to it even if they wanted to.

Hope this helps,

8D8B F0E2 42D8 A068 572E
BF3C E8F7 3234 7257 E65F
-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/attachments/20140916/e164c295/attachment.html>

More information about the Gnupg-users mailing list