encrypting to expired certificates
Doug Barton
dougb at dougbarton.us
Tue Sep 16 19:31:00 CEST 2014
On 9/16/14 10:18 AM, Peter Lebbing wrote:
> On 16/09/14 16:41, Werner Koch wrote:
>> To put this discussion to an end, he may simply do a jump to the left
>> and put the option --faked-system-time ISODATESTRING on his command
>> line.
>
> Regardless of whether you personally support or oppose the possibility
> to override the expiry date, as it's your decision, I do want to point
> out that this creates an issue with encrypt-and-sign. Although a little
> footnote saying "hey dude, since your key expired in April, I had to
> sign in April" could be added. I do wonder how many people would
> understand that footnote, though.
.... which further highlights that adding options to make life easier
for people who don't understand what key expiry means, or how to manage
it properly, is probably not a good idea. :)
Doug
More information about the Gnupg-users
mailing list