Am Mo 15.09.2014, 15:12:31 schrieb Martin Behrendt: > 2 arbitrary use cases: > > 1. One uses the expiration date as a reminder, to think about maybe > updating it to new standards or what so ever. In this case, a warning > when using an expired case is enough. > > 2. One lives in an hostile environment and it is possible that someone > can retrieve his private-key/pass-phrase and prevents him from > revoking the key. In this case preventing someone from sending you > information which might harm your well being is a good thing.*
Some time ago one of the well-known users of this list wrote: "Secure communication with noobs is impossible. Period." (or similar) I have quoted this (offline) quite often. If you are communicating in a hostile environment then you must know a lot about email security and you must restrict your communication to people of this kind. It at least improbable that capable users under this circumstances have not etablished rules which cover this case. As security is more important than availablility someone it that situation would make sure that he can revoke the certificate (or that someone else can). And, of course, as the expiration date will not happen to match the compromise date he would tell his contacts about the problem and not just hope they will not feel like sending something before... You could try to create an even stranger scenario in which this is not possible but that would not affect the points that rules have been made and that such people would act very conservative (i.e. they need not be forced to) but another quote comes to my mind: Rob has pointed out several times recently that "PGP" means PRETTY GOOD privacy not PERFECT privacy. It is OK that GnuPG is usable for quite high levels but those "1 in 1,000" cases can obviously not (and are not) the base for default settings – and impossibility is much harder than a default setting. > Since the sender can't know how you use the expiration date I guess > the more conservative approach is the safer one if you consider > extreme cases like scenario 2. Of course, the sender can know that. In most cases he doesn't, though. But he can make a much better guess than we. Do you think it is not safe enough to warn the user? Does this have to be enforeced because of whatever? Only this protection but nothing else? Shall the software tell the user "In all other cases you know better than me but in this one I know better than you"? Hauke -- Crypto für alle: http://www.openpgp-schulungen.de/fuer/unterstuetzer/ http://userbase.kde.org/Concepts/OpenPGP_Help_Spread OpenPGP: 7D82 FB9F D25A 2CE4 5241 6C37 BF4B 8EEF 1A57 1DF5
signature.asc
Description: This is a digitally signed message part.
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users