> Respectfully, Hauke, we just disagree on this. But your last comment raises a crucial point that I think has bugged OpenPGP for far too long: the software we use for OpenPGP has actually been far too liberal about letting people use "not valid" keys.
If by "too liberal" you mean "it's possible to do it," then I don't see how to avoid it. You'd need a trusted timestamp on the certificate and a trusted timestamp on the machine using the certificates, and trusted timestamps are a hard, *hard* problem. Yes, OpenPGP is quite permissive about letting people encrypt to expired certificates, but I think that's more a factor of it being incredibly hard to prevent it than it is any neglect on the part of the OpenPGP authors.

_______________________________________________
Gnupg-users mailing list
http://lists.gnupg.org/mailman/listinfo/gnupg-users
