encrypting to expired certificates

Peter Lebbing peter at digitalbrains.com
Tue Sep 16 19:16:07 CEST 2014


On 16/09/14 16:16, Robert J. Hansen wrote:
> As a farm kid, the answer is a resounding "yes, and you should be 
> thanking me."

> American, European and Australian food supplies are the safest in
> the world precisely because we throw away so much good food.  Can we
> prove that the food is safe?  No?  Then we get rid of it.

Utter nonsense. I'm not advocating putting an expiry date on something
beyond what you can reasonably "guarantee" (in practice, milk sometimes
curdles before the expiration date, even though I sure didn't leave it
out of the fridge. Or fruit rots). I'm advocating that you judge what
you put in your mouth based on your own common sense.

This may be a cultural thing; I think they might care less about waste
of scarce resources in the US, but to me it is offensive to suggest you
should throw out perfectly good food or food with a few minor spots that
you can cut out. I certainly wasn't raised that way.

It's illegal to sell or even give out food that is past its expiry date.
Once it's in my fridge, I will decide whether I will eat it or not.

And that you appeal to authority and say I should take food health and
safety advice from you because you were raised on a farm... well...
let's just say it's a bit silly. Let's keep it at that.

By the way, if stuff regularly exceeds the expiration date in your home,
you should buy smaller portions, not throw out more. That's advice from
someone who isn't exactly a city boy but a farm boy neither.


But back on topic:

It was claimed that an expiry date should be seen as a hard deadline. It
was claimed that this was in the very word itself, as can be seen in
food and drinks expiry dates. I strongly state that this is a very poor
basis to conclude that on, because an expiry date on food is certainly
not commonly and largely viewed as a hard deadline for consumption.
Maybe in some cultures, but I don't see a list of cultures used during
drafting the RFC among the references.

> There's a subtlety there that I think you're missing.  Just because 
> something is good doesn't necessarily mean you can prove that it's 
> good... but knowing you *can't* prove that it's good is still enough
> to tell you what to do.

I missed no such thing. I think you're missing what a supermarket is
allowed to sell or give away and what I'm allowed to eat.

> Risk:   "A large number of users may wind up, through accident,
> error, or misadventure, disabling expiration checks on
> certificates."

Yes, because GnuPG surely knows better that even if it warns the user
with some capitals and asterisks and requires them to type 'yes', that
still, the user is probably too dumb to be reasonable about this.

I thought you yawned over this feature. It looks more like a growl.

> Correct, but this is sort of quibbling.

Opposing because of the addition of a really minor risk of
misconfiguration (who said anything about it being a persistent
option?), that's quibbling.

> "There is no assurance this certificate is valid, since we are past X
> in time.  Therefore, I will treat it as invalid until the certificate
> owner makes a new assurance."

It's not treated as invalid. You can trivially override the validity
check on the command line. It's treated as effectively temporarily revoked.

> While I agree that "I will treat this certificate as invalid" is a 
> different thing from "this certificate is invalid," in practice
> there's not much difference.

You are arguing with yourself. You bring up a difference, and then
refute it. I never talked about "treating" and "being".

> The point is that the absence of a certification is, itself, enough
> reason to avoid using a certificate.

> So would you be fine with a restaurant serving you expired milk, if
> the proprietor says "oh, hey, I used my nose and common sense, and
> it's okay"?

Here we go again. The restaurant is selling me something. I'm glad there
are laws for this.

However, if my neighbour handed me the drink with the same words when I
come over for coffee (er, milk), then yes, I would drink it. And I never
even made the point of handing it to anyone else, I made the point of
using your own judgement to determine what you put in your own mouth.

Let me be quite frank now. I can't quite imagine you don't see the
difference yourself. I think you're purposely ignoring it for the sake
of argument.

> When you are the only one bearing the consequences of your decisions,
> a lot more can be justified than when you are asking *other people*
> to bear the consequences of your decisions.

Hey, what do you know. You remembered! When it's part of your side of
the argument. I honestly wrote the previous paragraph before I read this
one. I started replying when you again advocated food waste and I got
offended, and went from there.

> And when you send email encrypted to an expired certificate, you are
> asking *your recipient* to put the confidentiality of your
> communication with them entirely in the hands of your judgment about
> whether their "I no longer certify this for use" statement should be
> respected.

You are always and invariably at the mercy of what your correspondent
chooses to send you. This is not somehow magically prevented by denying
users to encrypt to an expired key. There is no sliding scale, there are
no floodgates opened, you are just as much at the mercy of your
correspondents as before. This is bikeshedding.

Peter.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>


