Key rollovers, overlapping (Re: WKD: returns only one pubkey (and why))

Bernhard Reiter bernhard at intevation.de
Thu Feb 23 16:43:32 CET 2023


On Thursday, 26 January 2023 11:23:49, Simon Josefsson via Gnupg-devel wrote:
> While we could recommend doing hard-stop key rollovers where you revoke
> the earlier key at the same time you migrate to the new key, I don't
> think that is a common habit nor am I sure this is even a good idea.
> Does anyone think we should recommend that?

Not me.
I think we should allow time-overlapping pubkeys for an email-address
(and any other UID) and thus recommend _smooth_ key rollovers.

Bernhard

-- 
https://intevation.de/~bernhard   +49 541 33 508 3-3
Intevation GmbH, Osnabrück, DE; Amtsgericht Osnabrück, HRB 18998
Managing directors: Frank Koormann, Bernhard Reiter