Migrating keys
Atom 'Smasher'
atom-gpg at suspicious.org
Mon Nov 24 15:48:43 CET 2003
1) the second signature on your new key (the self-sig is the first)
should be from your old key.
you can also revoke your old key with a note that it's been superseded
by your new key; specify the new key ID, type, fingerprint, etc.
2) depending on why you're creating a new key, it might be an option to
expire the sub-key and add a new one... that way you keep your signatures.
3) i would not accept a signed message (in itself) as a reason to sign &
trust a new key... i'd still verify the new key either through verbal
(phone) or physical (in-person) verification with the key's owner.
4) note: #1 and #3 contradict #2. in the case of #2 i'd accept the new
encryption key solely because it's signed by a trusted signing key; in the
case of #1 and #3 i wouldn't. i'm not sure why my brain wants to draw that
distinction, but it does... logically all of the above examples are
signing a new key with an old (trusted) key.
...atom
_______________________________________________
PGP key - http://smasher.suspicious.org/pgp.txt
3EBE 2810 30AE 601D 54B2 4A90 9C28 0BBF 3D7D 41E3
-------------------------------------------------
"The capitalists owned everything in the world, and everyone
else was their slave. They owned all the land, all the
houses, all the factories, and all the money. If anyone
disobeyed them they could throw him into prison, or they
could take his job away and starve him to death. When any
ordinary person spoke to a capitalist he had to cringe and
bow to him, and take off his cap and address him as 'Sir'"
-- George Orwell
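
An added example, not part of the original post: a check for point 1 that reads `gpg --check-sigs --with-colons` output for the new key and reports, per user ID, whether the old key's certification is present and verified. The key IDs and the sample listing are constructed placeholders, and a "certified" result shows only that the old key signed the new one; it does not replace the phone or in-person verification from point 3.

```python
# Added example; key IDs and the sample listing below are constructed.
OLD_KEYID = "AAAAAAAAAAAAAAAA"  # placeholder long key ID of the old key

# Constructed text in the shape of `gpg --check-sigs --with-colons <new key>`.
SAMPLE = "\n".join([
    "pub:u:4096:1:BBBBBBBBBBBBBBBB:1069685000:::u:::scESC:",
    "uid:u::::1069685000::::Example User <user@example.org>:",
    "sig:!::1:BBBBBBBBBBBBBBBB:1069685000::::Example User:13x:",  # self-sig
    "sig:!::1:AAAAAAAAAAAAAAAA:1069685100::::Example User:10x:",  # from old key
    "uid:u::::1069685000::::Example User <user@work.example>:",
    "sig:!::1:BBBBBBBBBBBBBBBB:1069685000::::Example User:13x:",  # self-sig only
    "sub:u:4096:1:CCCCCCCCCCCCCCCC:1069685000::::::e:",
    "sig:!::1:BBBBBBBBBBBBBBBB:1069685000::::Example User:18x:",  # subkey binding
])


def old_key_certifications(colons, old_keyid):
    """Map each user ID on the new key to the state of the old key's signature."""
    good, bad, revoked, uids = set(), set(), set(), []
    current = None
    for line in colons.splitlines():
        f = line.split(":") + [""] * 12  # pad so short records index safely
        rec, validity, signer, sigclass = f[0], f[1], f[4], f[10]
        if rec in ("uid", "uat"):
            current = f[9]
            uids.append(current)
        elif rec in ("pub", "sec", "sub", "ssb"):
            current = None  # signatures that follow are not UID certifications
        elif current is not None and signer == old_keyid:
            # Classes 10-13 are certifications; "!" means gpg verified the signature.
            if rec == "sig" and sigclass[:2] in ("10", "11", "12", "13"):
                (good if validity == "!" else bad).add(current)
            elif rec == "rev" and validity == "!":
                revoked.add(current)  # conservative: any revocation wins

    def state(uid):
        if uid in revoked:
            return "revoked"
        if uid in good:
            return "certified"
        return "unverified" if uid in bad else "missing"

    return {uid: state(uid) for uid in uids}


if __name__ == "__main__":
    for uid, status in old_key_certifications(SAMPLE, OLD_KEYID).items():
        print(f"{status:10} {uid}")
```

With plain `--list-sigs` the validity field is empty, so every signature from the old key is reported as "unverified" rather than "certified".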