encrypting to expired certificates

Robert J. Hansen rjh at sixdemonbag.org
Tue Sep 16 21:15:04 CEST 2014


>>> You can't argue that these aren't real users. You can't argue
>>> it's not a real impact. You can only argue that the impact isn't
>>> that big. But that is a long shot from "so hypothetical it's hard
>>> to take seriously". I don't understand where that came from.
>> 
>> Sure I can.  You weren't really impacted by it.  You had easy 
>> mitigations available to you.
> 
> I was exactly asserting that you can only argue about the extent of
> the impact, not that there exists an impact.

Telling me that "[I] can't argue that it's not a real impact", when the
meaning of "real" that I've been using has been significance, and I
clearly *can* argue that it's not a real/significant impact, is an
invitation for me to do just that.  Your examples are not real impacts.

> Which suddenly makes it look like I made a false statement, when in
> fact I was simply stating that something that has an arguably small
> impact is a long shot from something that is "so hypothetical it's
> hard to take seriously".

Not really.  This 'problem' is so hypothetical it's hard to take
seriously.  I'm still waiting to see one single real user who has had
real impact from this, and that means the problem is still hypothetical.

> There, I've said it. Deal with it. In fact, thank me for it.

[shrug]  As soon as I let the opinions of other people I've never met
start weighing heavily on my self-esteem, I'll let you know.  Until
then, I really don't care.




More information about the Gnupg-users mailing list