I think most of us use OTR now for communication we really care about being private. What you're seeing is more likely the impending death of email. (Though, for the lack of concern for PGP key lifetimes/validity/use/etc., you might have a look at my LISA 2003 talk -- it's got some great quotes in there from the cypherpunks and even one of the RFC 2440 authors about the usability of PGP. That's not to say usability hasn't improved in the last five years -- but it's more focused on enterprise systems -- so I'm not surprised your "winner" was a commercial vendor.) And the cypherpunks? That community has been dead for years. Y'all just didn't get the memo. ;) --Len. On Sun, 24 Feb 2008, J.A. Terranson wrote:
At the end of 2004, my annual key expiration event was allowed to pass without genning a new key: nobody had sent me encrypted mail in ages [years], and being the prick that I am, I started a little game instead.
I left the expired key on the .sig, and started the clock to see how long it would take for someone to notice. January 1, 2005 through February 25, 2008: about 3 years.
I had fully expected a CP to be the lucky contestent, but alas, Cpunks dont bother with key management anymore - heck, we dont even bother with distributed email anymore AFAIK. Alas, the alert correspondent was a commercial software vendor who makes little widgets. I had made an inquiry about a mass purchase, and they noticed the [now profoundly] expired key, and decided to Do The Right Thing and encrypt. Only they couldn't, as the key was deader than dead: it was "Tim May Someone Needs Killing Dead". And, even better, they were nice enough to point it out, assuming I was unaware. I am BCC'ing this post to said vendor: you really did do The Right Thing, and I applaud you for it! That you are the only one to notice is, I hope, a sign of the attention to detail I will find in your widgets.
So, CP Distributed Lists are dead. The list, singular is tottering, and has been for years, and now, I think I can proclaim Encryption Everywhere as Dead On Arrival. Even for so called crypto people. Tis a sad day in Eurasia folks.
//Alif
-- Yours, J.A. Terranson sysadmin_at_mfn.org 0xpgp_key_mgmt_is_broken-dont_bother
What religion, please tell me, tells you as a follower of that religion to occupy another country and kill its people? Please tell me. Does Christianity tell its followers to do that? Judaism, for that matter? Islam, for that matter? What prophet tells you to send 160,000 troops to another country, kill men, women, and children? You just can't wear your religion on your sleeve or just go to church. You should be truthfully religious.
Mahmoud Ahmadinejad
--Len.