On Mon 15.09.2014, 15:02:14, Doug Barton wrote:

> I set an expiration date on my key because
> I felt there was a legitimate concern that myself, my key, or both
> were going to come under the control of a hostile entity.

a) What period do you choose for that? A day, a week, a month, a year?

b) What prevents this hostile entity from extending the validity period?

> Now that
> worst case scenario has actually occurred, and it is no longer safe
> for anyone to send me encrypted communications using that key. But
> HALLELUJAH!, I'm safe because the software honors the spec and will
> not allow Hauke to encrypt to my key because it is expired.

You are under the control of a hostile entity but you are safe? Lucky you!

What would happen in real life? Someone in such a situation (personal safety at risk) would establish a policy for key usage with those contacts who send information to him of which the disclosure might cause severe problems. In other words: Even if GnuPG allowed them to use expired keys (if expiration was considered a security means under this policy) they would not consider using them.

On the other hand: Everyone who relies on expiration disabling being enforced (and seriously: Who does? Who even knew before this thread what the exact behaviour of GnuPG is? Not even I did. And I am quite sure that information which not even I have about GnuPG cannot be the base for an expectation-motivated rule.) is dangerously stupid.

> The point I'm
> trying to make is simply that we don't know what we don't know.

That does not seem like an argument to me for telling the user what is best for him.

Hauke
--
Crypto for all:
http://www.openpgp-schulungen.de/fuer/unterstuetzer/
http://userbase.kde.org/Concepts/OpenPGP_Help_Spread
OpenPGP: 7D82 FB9F D25A 2CE4 5241 6C37 BF4B 8EEF 1A57 1DF5
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users