How long can you go with an expired key?

J.A. Terranson measl at mfn.org
Sun Feb 24 17:30:54 PST 2008 

At the end of 2004, my annual key expiration event was allowed to pass 
without genning a new key: nobody had sent me encrypted mail in ages 
[years], and being the prick that I am, I started a little game instead.

I left the expired key on the .sig, and started the clock to see how long 
it would take for someone to notice. January 1, 2005 through February 25, 
2008: about 3 years.  

I had fully expected a CP to be the lucky contestent, but alas, Cpunks 
dont bother with key management anymore - heck, we dont even bother with 
distributed email anymore AFAIK.  Alas, the alert correspondent was 
a commercial software vendor who makes little widgets.  I had made an 
inquiry about a mass purchase, and they noticed the [now profoundly] 
expired key, and decided to Do The Right Thing and encrypt.  Only they 
couldn't, as the key was deader than dead: it was "Tim May Someone Needs 
Killing Dead".  And, even better, they were nice enough to point it out, 
assuming I was unaware.  I am BCC'ing this post to said vendor: you really 
did do The Right Thing, and I applaud you for it!  That you are the only 
one to notice is, I hope, a sign of the attention to detail I will find in 
your widgets.

So, CP Distributed Lists are dead.  The list, singular is tottering, and 
has been for years, and now, I think I can proclaim Encryption Everywhere 
as Dead On Arrival.  Even for so called crypto people.  Tis a sad day in 
Eurasia folks.

//Alif

-- 
Yours,
J.A. Terranson
sysadmin_at_mfn.org
0xpgp_key_mgmt_is_broken-dont_bother

What religion, please tell me, tells you as a follower of that religion
to occupy another country and kill its people? Please tell me. Does
Christianity tell its followers to do that? Judaism, for that matter?
Islam, for that matter? What prophet tells you to send 160,000 troops
to another country, kill men, women, and children? You just can't wear
your religion on your sleeve or just go to church. You should be
truthfully religious.

Mahmoud Ahmadinejad

More information about the cypherpunks-legacy mailing list