How long can you go with an expired key?

[Bill Stewart]

At 11:36 PM 2/24/2008, Len Sassaman wrote:
>I think most of us use OTR now for communication we really care about
>being private.

When I've looked at OTR, it's basically an instant messaging client;
has anybody adapted it to carry email or other applications?

>What you're seeing is more likely the impending death of email.

I'd describe it much more as "the death of PGP support for email".
When my laptop got stolen a couple of years ago,
I did the right thing and genned up new keys,
and installed current versions of PGP (the free-beer version of the 
commercial product)
(and its Eudora plugin.)  A few months later the PGP expired,
and since I hadn't been sending encrypted email to anybody in a while,
I'd forgotten the new long-enough-for-21st-century passphrase (:-),
so I haven't been able to revoke the keys sitting out on the keyserver.
Periodically Hugh bitches at me about not sending/accepting encrypted email,
and I suppose I should just install GPG, using cut&paste instead of the
friendly email plugin, since not only is PGP no longer supporting
non-corporate users much, but Qualcomm has stopped supporting Eudora.

Meanwhile, at work, MS Outlook has a reasonably friendly interface
for sending encrypted and/or signed email, at least to coworkers,
and I can't use it because our internal certificate authority
can't generate a certificate for "billstewart at att.com",
though it's happy to generate one for "ws5832 at att.com",
an internal address I have no intention of sending to any humans.

>And the cypherpunks? That community has been dead for years. Y'all just
>didn't get the memo. ;)

On the other hand, the P2P-punks community is burning something like
30-50% of the bandwidth on the internet.
And that IPSEC technology that was a cutting-edge civil rights issue in the 90s
has become a routine commodity; it's how I've commuted to work for a decade 
or so.