How long can you go with an expired key?
J.A. Terranson
measl at mfn.org
Sun Feb 24 17:30:54 PST 2008
At the end of 2004, my annual key expiration event was allowed to pass
without genning a new key: nobody had sent me encrypted mail in ages
[years], and being the prick that I am, I started a little game instead.
I left the expired key on the .sig, and started the clock to see how long
it would take for someone to notice. January 1, 2005 through February 25,
2008: about 3 years.
I had fully expected a CP to be the lucky contestent, but alas, Cpunks
dont bother with key management anymore - heck, we dont even bother with
distributed email anymore AFAIK. Alas, the alert correspondent was
a commercial software vendor who makes little widgets. I had made an
inquiry about a mass purchase, and they noticed the [now profoundly]
expired key, and decided to Do The Right Thing and encrypt. Only they
couldn't, as the key was deader than dead: it was "Tim May Someone Needs
Killing Dead". And, even better, they were nice enough to point it out,
assuming I was unaware. I am BCC'ing this post to said vendor: you really
did do The Right Thing, and I applaud you for it! That you are the only
one to notice is, I hope, a sign of the attention to detail I will find in
your widgets.
So, CP Distributed Lists are dead. The list, singular is tottering, and
has been for years, and now, I think I can proclaim Encryption Everywhere
as Dead On Arrival. Even for so called crypto people. Tis a sad day in
Eurasia folks.
//Alif
--
Yours,
J.A. Terranson
sysadmin_at_mfn.org
0xpgp_key_mgmt_is_broken-dont_bother
What religion, please tell me, tells you as a follower of that religion
to occupy another country and kill its people? Please tell me. Does
Christianity tell its followers to do that? Judaism, for that matter?
Islam, for that matter? What prophet tells you to send 160,000 troops
to another country, kill men, women, and children? You just can't wear
your religion on your sleeve or just go to church. You should be
truthfully religious.
Mahmoud Ahmadinejad
More information about the Testlist
mailing list