https://bugs.kde.org/show_bug.cgi?id=28261
--- Comment #26 from Juha Tuomala <[email protected]> --- Actually - this is more important than one might understand at first look. Apart from some big countries like USA, goverment issued personal ID's are quite often equipped with X.509 certificates and it's not that far that you could encrpyt your messages using PKI keys. PKI makes it a whole lot easier as you don't need to worry how the recipient gets his/her certificate. That said, all personal ID based certificates employ some sort of HSM (hardware security module, a smartcard chip) which means, that owner, or not even the issuer can't get private keys out of the card - those public key pairs are generated on the chip. This leads to the conlusion, that even the PKI cards solve the key distribution problem and lower the bar to encrpyt your emails using it, they create a long term problem, that recipient cannot open his/her own messages once the certificates become outdated/invalid - typically in five or so years. Hence it would be very important to have a generic method to strip whatever encryption from incoming messages for long term archiving/saving. The same applies more or less to PGP/GPG keys, you can always loose them. Not sure if the 'best before' date applies there as well. I think it does. -- You are receiving this mail because: You are the assignee for the bug.
