Hi,

not sure about all the technical details, and these also may vary from
client implementation.

In this case we have to distinguish between the trust and cryptography.

The trust part includes expiration, revocation etc. They indicate
whether signed information could be trusted. If a signature was made
with an expired or a revoked certificate, the receiver should not trust
the signature.

From the crypto part: We just have private and public keys. So the bits
used for encryption and signing are still good. Means, regardless of
expired or revoked certs, signatures and en/decryption is still possible.

A (private) certificate includes the private and public keys and a
signature by a maybe trusted authority. When renewing, the signature is
renewed. The keys (imho) remain unchanged. So you should be able to use
a renewed certificate also to decrypt older mails (no guarantee that it
works with your client).

From a user perspective: renew your certificate and keep the old
(whether revoked or expired) one to be able to decrypt older mails if
necessary.
Even a revoked certificate may be of use for the owner. E.g. a user may
have received important encrypted mails before. Then, his certificate
gets compromised. The cert is revoked, so it is no longer trusted by
others. But the user may still want to encrypt his older mail.

Mario
--
Mit freundlichen Grüßen / Best regards

Mario Lipinski
Infrastructure Team Leader, E-Mail: mario-xHchwMmBYmcdnm+***@public.gmane.org
Organisation Assurer (Germany), Internet: http://www.cacert.org
Arbitrator / Case Manager
CAcert

Support CAcert: http://www.cacert.org/index.php?id=13
http://wiki.cacert.org/wiki/HelpingCAcert