Thanks to Sven and Peter (was: Re: Lost passphrase)

[Thomas Sowa]

Hi,

i just created a new key, the revocation and tatood the passphrase on my left
toe :-=

Thanks for help, i figured that the situation looks bad, but hoped thare could
be done something. If it were, however, it would go at cost of security, so
it's all good.

Take care and watch out for your passphrases folks :-)
Thomas


Zitat von "Peter S. May" <me at psmay.com>:

> Sven Radde wrote:
> > If yes, you're quite screwed as it will stay there forever: New contacts
> > will not know which key to choose when they look your name up on the
> > keyservers. People might be smart enough to use the newer of the two
> > keys. If you don't rely so much on the keyservers to distribute your
> > key, it is also less of a problem.
> > This *will* sort itself out, however, after the email exchange with them
> > has begun: If you receive a message encrypted to your old key, you would
> > email them back to use the new one instead. It is just an inconvenience
> > to set up the "communication channel" to you. Once your communication
> > partner has the correct key in his local keyring, everything will be fine.
>
> I would add to this not to forget the role of Web of Trust in OpenPGP.
> To mitigate the effect of losing control of a key, get anyone who signed
> your public key (if applicable) to revoke their sigs on the old key and
> sign your new one, setting up new in-person meetings as necessary.  The
> consensus of even one person you have in common could be a sufficient
> clue as to which one is _probably_ right.
>
> Mis dos centavos
> PSM
>
>