How long can you go with an expired key?

[coderman]

On Mon, Feb 25, 2008 at 1:38 AM, John Young <jya at pipeline.com> wrote:
> Encrypted email continues to be often used around some places.

the usability is poor, compared to things like off the record [0] and
opportunistic keying, etc.  while i use encrypted mail daily in a
professional context, i never use it in a personal one.  sooner or
later the dinosaurs will drop it too.


>  Turncoats abound, cpunks no different than anyone in succumbing
>  to contracts, bribery, threats, compromise, jealousy, hatred,
>  bitterness, and the rest of excuses shits give themselves for
>  screwing those who counted on others being more stupid than
>  they are.

it always tastes best when you cook it yourself.  (or at least, have
looked at the recipe and confirmed no cyanide or arsenic was
intentionally added *g*

[this, is my one complaint about OTR, building from source into a
useful client can be tedious compared to other methods...]


>  Recall that only a small number of cpunks ever posted to the list,
>  and that remains the case. And quite a few of those posted to
>  stimulate confessions and revealing info sec disclosures.

"you're being a bit brief, please go into detail"

:)


0. oh the hoops i had to jump to import an old otr 2.x key in gaim to
otr3.0.x in pidgin.  the friends list is also an interesting study in
use and frequency of re-key; while i can no longer recall when
A59CDCB3 46468A16 27D21678 270AF0B5 0B0477CF was originally generated
others appear to cycle as frequently as weekly or so.  interesting how
the same tool can span the key management spectrum from anonymous
opportunistic to strong mutually authenticated.