On 9/15/14 1:52 PM, Daniel Kahn Gillmor wrote:
> I think Hauke is explaining that he is already in this third case; he
> figured out what was wrong (his peer doesn't have the means to update
> the cert's expiration date right now, but does not believe the key is
> compromised), and is now trying to get to the "proceeding" part.

So let's practice some argumentum ad absurdum. Let's say that I'm Hauke's correspondent, and I set an expiration date on my key because I felt there was a legitimate concern that I, my key, or both were going to come under the control of a hostile entity. Now that worst case scenario has actually occurred, and it is no longer safe for anyone to send me encrypted communications using that key. But HALLELUJAH!, I'm safe because the software honors the spec and will not allow Hauke to encrypt to my key because it is expired.

"But Doug, that's ridiculous! Hauke's correspondent already told him that it's safe." Well of course she did, because that's what the hostile entity TOLD her to say. :)

Now that scenario has a lot of potential holes in it, so please don't waste electrons arguing how plausible it is or is not. The point I'm trying to make is simply that we don't know what we don't know. What we do know is that at this time Hauke's correspondent is not in control of her key, and as a result it's not safe to encrypt content to it.

Doug


_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
