encrypting to expired certificates
Doug Barton
dougb at dougbarton.us
Tue Sep 16 00:02:14 CEST 2014
On 9/15/14 1:52 PM, Daniel Kahn Gillmor wrote:
> I think Hauke is explaining that he is already in this third case; he
> figured out what was wrong (his peer doesn't have the means to update
> the cert's expiration date right now, but does not believe the key is
> compromised), and is now trying to get to the "proceeding" part.
So let's practice some argumentum ad absurdum. Let's say that I'm
Hauke's correspondent, and I set an expiration date on my key because I
felt there was a legitimate concern that myself, my key, or both were
going to come under the control of a hostile entity. Now that worst case
scenario has actually occurred, and it is no longer safe for anyone to
send me encrypted communications using that key. But HALLELUJAH!, I'm
safe because the software honors the spec and will not allow Hauke to
encrypt to my key because it is expired.
"But Doug, that's ridiculous! Hauke's correspondent already told him
that it's safe." Well of course she did, because that's what the hostile
entity TOLD her to say. :)
Now that scenario has a lot of potential holes in it, so please don't
waste electrons arguing how plausible it is or is not. The point I'm
trying to make is simply that we don't know what we don't know. What we
do know is that at this time Hauke's correspondent is not in control of
her key, and as a result it's not safe to encrypt content to it.
Doug
More information about the Gnupg-users
mailing list