How long can you go with an expired key?

Len Sassaman rabbi at abditum.com
Sun Feb 24 23:36:03 PST 2008


I think most of us use OTR now for communication we really care about
being private.

What you're seeing is more likely the impending death of email.

(Though, for the lack of concern for PGP key lifetimes/validity/use/etc.,
you might have a look at my LISA 2003 talk -- it's got some great quotes
in there from the cypherpunks and even one of the RFC 2440 authors about
the usability of PGP. That's not to say usability hasn't improved in the
last five years -- but it's more focused on enterprise systems -- so I'm
not surprised your "winner" was a commercial vendor.)

And the cypherpunks? That community has been dead for years. Y'all just
didn't get the memo. ;)


--Len.

On Sun, 24 Feb 2008, J.A. Terranson wrote:

> At the end of 2004, my annual key expiration event was allowed to pass
> without genning a new key: nobody had sent me encrypted mail in ages
> [years], and being the prick that I am, I started a little game instead.
>
> I left the expired key on the .sig, and started the clock to see how long
> it would take for someone to notice. January 1, 2005 through February 25,
> 2008: about 3 years.
>
> I had fully expected a CP to be the lucky contestant, but alas, Cpunks
> don't bother with key management anymore - heck, we don't even bother with
> distributed email anymore AFAIK.  Alas, the alert correspondent was
> a commercial software vendor who makes little widgets.  I had made an
> inquiry about a mass purchase, and they noticed the [now profoundly]
> expired key, and decided to Do The Right Thing and encrypt.  Only they
> couldn't, as the key was deader than dead: it was "Tim May Someone Needs
> Killing Dead".  And, even better, they were nice enough to point it out,
> assuming I was unaware.  I am BCC'ing this post to said vendor: you really
> did do The Right Thing, and I applaud you for it!  That you are the only
> one to notice is, I hope, a sign of the attention to detail I will find in
> your widgets.
>
> So, CP Distributed Lists are dead.  The list, singular, is tottering, and
> has been for years, and now, I think I can proclaim Encryption Everywhere
> as Dead On Arrival.  Even for so-called crypto people.  'Tis a sad day in
> Eurasia folks.
>
> //Alif
>
> --
> Yours,
> J.A. Terranson
> sysadmin_at_mfn.org
> 0xpgp_key_mgmt_is_broken-dont_bother
>
> What religion, please tell me, tells you as a follower of that religion
> to occupy another country and kill its people? Please tell me. Does
> Christianity tell its followers to do that? Judaism, for that matter?
> Islam, for that matter? What prophet tells you to send 160,000 troops
> to another country, kill men, women, and children? You just can't wear
> your religion on your sleeve or just go to church. You should be
> truthfully religious.
>
> Mahmoud Ahmadinejad
>

--Len.




