-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Januarty 3rd 2010 in gnupg-users@gnupg.org thread "Encrypting with an message expiration date"
"self-destructing data" is a big fallacy, is almost the same issue as computer "virus". There is no data/software (Software is data) that act by itself, it should be interpreted to take an effect. A "computer virus" is a malware that you run accidentally. From my old days with Windows I remember those malware in CD-ROMs with an run.ini inside (Or something similar) that tells W to run the malware. That virus is not self acting, just that operating system is designed to interpret those run.ini. Not even the Operating System is self acting, you instructed the CPU to run it!. > GnuPG-Users: > > Is there a way to force an expiration date when encrypting a message > for additional security. I have a friend who is inquiring. I've > already informed him of the "for his/her eyes only" option. There is no real way to *enforce* an expiration data. In the same manner virusses don't act by itself, data don't self destructs, just the user runs the program to enforce the expiration date without ever notice. They user may simply chose to not run the program or to copy the data and put in a safe place like an DVD before it gets deleted. There are of course, methods that make this much more hard, and almost impossible, like the ones currently used for DRM. The only kinda effective way I see to efectiveley enforce data deletion are IC with a storage of energy inside (Say, supercapacitor) that destroys the data (Ethier by zeroizing it or to detonate an small explosion to destroy the internal of the IC) when ethier the energy is too low, someone try to open the IC or too many bad keys are entered. This IC would be self acting of course, as it is a phisical object but it would be very very expensive or maybe impossible to build and no one warranty they can be found methods to deactivate the protection methods without delete the data. DRM-like software wouldn't be usefull at all as software can be run in simulated enviroments and removed, and it may be morally unaceptable but that depends on the exact use I think. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iEYEAREIAAYFAktA8pcACgkQZ4DA0TLic4jWAwCdFV1sfexBOYUwIvYkeDZlySgm l8gAn2vsJr/ln7sP4Ch1ySuSMZlgztLG =gBku -----END PGP SIGNATURE----- _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
