How long can you go with an expired key?

John Young jya at pipeline.com
Mon Feb 25 01:38:45 PST 2008 

Encrypted email continues to be often used around some places.

And encrypted files for transmittal is common, too. Sometimes for
online transmittal, other times for sending by offline means.

Probably what is happening is that those using encryption do not
advertise it as much as in earlier days, not least because of the
ease with which it calls attention to users for traffic analysis by 
those who are happy the fools don't know what they reveal.

And the more popluar encryption programs have no doubt been
compromised -- that is what "enterprise" means: to lure or
entrap crypto users into overly trusting supposedly secure
encryption for easy snooping on employees and citizens.

No serious info sec lover will use a single means for privacy.
And will always beware of absolutely trustworthy anything. That
is a mantra here.

Turncoats abound, cpunks no different than anyone in succumbing
to contracts, bribery, threats, compromise, jealousy, hatred,
bitterness, and the rest of excuses shits give themselves for
screwing those who counted on others being more stupid than
they are. 

Recall that only a small number of cpunks ever posted to the list, 
and that remains the case. And quite a few of those posted to 
stimulate confessions and revealing info sec disclosures.

Still not clear if public crypto was a masterful hoodwink, but likely
is, perfectly fitting the internet's astonishing success at inducing 
millions to blab and brag and believe a new era had arrived, privacy
protected by mathematics and open testing, not wanting to believe 
the mathematicians and testers got to make a living doing what
has to be done to keep the whining family happy, burp, ahem, 
ROTFL, etc.

Duplicity is inate, the boyos argue and have faith in, to justify
their rigging the info sec game.

At 09:00 AM 2/25/2008 +0100, Eugen Leitl wrote:
>On Sun, Feb 24, 2008 at 07:30:54PM -0600, J.A. Terranson wrote:
>
>> At the end of 2004, my annual key expiration event was allowed to pass 
>> without genning a new key: nobody had sent me encrypted mail in ages 
>> [years], and being the prick that I am, I started a little game instead.
>
>So nobody sends you encrypted mail.
> 
>> I left the expired key on the .sig, and started the clock to see how long 
>> it would take for someone to notice. January 1, 2005 through February 25, 
>> 2008: about 3 years.  
>
>So nobody sends you encrypted mail.
> 
>> I had fully expected a CP to be the lucky contestent, but alas, Cpunks 
>
>I don't know where cypherpunks are, they're for sure no longer on this 
>list.
>
>> dont bother with key management anymore - heck, we dont even bother with 
>> distributed email anymore AFAIK.  Alas, the alert correspondent was 
>
>Hey, you only now notice anonymous remailers have been dead for
>some half decade?
>
>> a commercial software vendor who makes little widgets.  I had made an 
>> inquiry about a mass purchase, and they noticed the [now profoundly] 
>> expired key, and decided to Do The Right Thing and encrypt.  Only they 
>> couldn't, as the key was deader than dead: it was "Tim May Someone Needs 
>> Killing Dead".  And, even better, they were nice enough to point it out, 
>> assuming I was unaware.  I am BCC'ing this post to said vendor: you really 
>> did do The Right Thing, and I applaud you for it!  That you are the only 
>> one to notice is, I hope, a sign of the attention to detail I will find in 
>> your widgets.
>> 
>> So, CP Distributed Lists are dead.  The list, singular is tottering, and 
>> has been for years, and now, I think I can proclaim Encryption Everywhere 
>
>O'Rly?
>
>Received: from proton.jfet.org (proton.jfet.org [69.60.117.34])
>        (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
>        (Client CN "sp2734", Issuer "sp2734" (not verified))
>        by v64.ativel.com (Postfix) with ESMTP id 372521364084
>
>
>> as Dead On Arrival.  Even for so called crypto people.  Tis a sad day in 
>> Eurasia folks.
>
>FWIW, I still get encrypted mail, about one/month, or so.
>
>-- 
>Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
>______________________________________________________________
>ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
>8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE

More information about the cypherpunks-legacy mailing list