new (2003-11-30) keyanalyze results
David Shaw
dshaw at jabberwocky.com
Sun Nov 30 18:08:59 CET 2003
On Sun, Nov 30, 2003 at 05:33:01PM -0500, Jason Harris wrote:
> On Sun, Nov 30, 2003 at 10:52:25PM +0100, Ingo Klöcker wrote:
> > On Sunday 30 November 2003 21:33, Jason Harris wrote:
> > > New keyanalyze results are available at:
> > >
> > > http://keyserver.kjsl.com/~jharris/ka/2003-11-30/
> >
> > I wonder whether you excluded all ElGamal signing keys from the
> > keyanalyze. Or do you rely on their owners to revoke them?
>
> They are not specifically excluded. The (GPG-using) keyholders
> should revoke them as recommended in the recent security advisory,
> at which point they will be automatically excluded from keyanalyze.
According to the stats you sent earlier, only around 11% of Elgamal
sign+encrypt keys have been revoked. 21% are expired. 69% are still
usable. (The numbers don't add up to 100 since some keys are both
revoked and expired, plus I'm rounding).
I hope that when 1.2.4 comes out there will be some more revocations
since there is nothing else that can be done with a type 20 key in
1.2.4. Still, it is more likely that some of these are forgotten
keys.
David
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 330 bytes
Desc: not available
Url : /pipermail/attachments/20031130/23e6d577/attachment.bin
More information about the Gnupg-users
mailing list