Transferring identity to a new public key
avi.wiki at gmail.com
Mon Feb 16 16:28:42 CET 2009
If I recall correctly, when generating the revocation
certificate, you have an option to choose why the certificate is
being generated, and one choice is "key compromised".
pub 3072D/F80E29F9 1/30/2009 Avi (Wikimedia-related key) <avi.wiki at gmail.com>
Primary key fingerprint: 167C 063F 7981 A1F6 71EC ABAA 0D62 B019 F80E
---------- Forwarded message ----------
> From: Jonas Islander <m534c.subscribe at gmail.com>
> To: gnupg-users at gnupg.org
> Date: Mon, 16 Feb 2009 12:10:32 +0100
> Subject: Transferring identity to a new public key
> When you suspect your private key may be compromised, it's obvious
> that you should revoke the key pair, upload your revocation to the key
> servers, and generate a new pair. But what is "best practice" for
> telling people about your new public key - transferring your identity
> to it, so to speak?
> Is there any point in adding a self-signed ID saying "Key compromised
> - please use key with fingerprint xxxxxxxxx instead" before revoking?
> I'm thinking it's pointless, since an attacker could do the same, and
> use it to transfer someone's identity to a new public key, which the
> rightful owner cannot revoke.
> Am I right in thinking that anyone seeing a user ID of the form
> "Please use key with fingerprint xxxxxxxxx instead" should ignore it
> (since it may be an attempt to permanently steal someone's identity)?
> Am I right in thinking that someone whose key may be compromised,
> should simply revoke it and start over from scratch with a new key
> pair, proving their identity to each and every person signing it?
> Similarly, if you believe your private key may be compromised, is
> there any point in sending signed messages to everyone who has signed
> your old public key, asking them to also sign your new one?
> I believe it's pointless, since the message could just as well be from
> an attacker, and that anyone receiving such a message should refuse to
> sign the new keys (and insist the sender prove their identity another
> way). Am I right in thinking this?
> I've looked for answers to these questions, but most discussions about
> transferring identity to new keys seem to deal with the situation
> where someone has accidentally deleted their private key or forgotten
> their passphrase, not the situation where the private key is still
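Avi's reply points to the reason recorded when the revocation certificate is generated. As an added example (not code from this thread or from GnuPG), the Python below parses an OpenPGP v4 revocation signature as laid out in RFC 4880 and extracts subpacket 29, the Reason for Revocation, so a tool that ingests revocations from a keyserver can tell "key material compromised" (RFC code 2) from "key superseded" (code 1) and read the free-text note that follows the code. The packet it parses is constructed inside the block with a made-up issuer key ID; the reason codes are the RFC's numbers, not the menu numbers gpg shows interactively.

```python
"""Read the Reason-for-Revocation subpacket (RFC 4880 5.2.3.23) of an OpenPGP
v4 revocation signature. Added example; the packet parsed here is constructed
below and is not a real revocation."""
import struct
from dataclasses import dataclass
from typing import Iterator, Optional, Tuple

REVOCATION_REASONS = {
    0: "no reason specified",
    1: "key is superseded",
    2: "key material has been compromised",
    3: "key is retired and no longer used",
    32: "user ID information is no longer valid",
}
SUBPKT_CREATION_TIME, SUBPKT_ISSUER, SUBPKT_REASON = 2, 16, 29
REVOCATION_SIG_TYPES = (0x20, 0x28, 0x30)  # key, subkey, certification revocation


@dataclass
class RevocationInfo:
    sig_type: int
    issuer_key_id: Optional[str]
    created: Optional[int]
    reason_code: Optional[int]
    reason_text: str

    @property
    def compromised(self) -> bool:
        return self.reason_code == 2


def _subpacket_len(buf: bytes, pos: int) -> Tuple[int, int]:
    """RFC 4880 5.2.3.1: one-, two- or five-octet subpacket length."""
    first = buf[pos]
    if first < 192:
        return first, pos + 1
    if first < 255:
        return ((first - 192) << 8) + buf[pos + 1] + 192, pos + 2
    return struct.unpack(">I", buf[pos + 1:pos + 5])[0], pos + 5


def _subpackets(area: bytes) -> Iterator[Tuple[int, bytes]]:
    pos = 0
    while pos < len(area):
        length, pos = _subpacket_len(area, pos)  # length counts the type octet
        yield area[pos] & 0x7F, area[pos + 1:pos + length]  # bit 7 = critical flag
        pos += length


def _packet_body(packet: bytes) -> bytes:
    """Strip an old-format packet header (the form GnuPG writes); tag must be 2."""
    tag = packet[0]
    if (tag & 0xC0) != 0x80 or ((tag >> 2) & 0x0F) != 2:
        raise ValueError("expected an old-format signature packet")
    ltype = tag & 0x03
    if ltype == 0:
        return packet[2:2 + packet[1]]
    if ltype == 1:
        return packet[3:3 + struct.unpack(">H", packet[1:3])[0]]
    raise ValueError("unsupported packet length type")


def parse_revocation(packet: bytes) -> RevocationInfo:
    body = _packet_body(packet)
    if body[0] != 4:
        raise ValueError("only v4 signatures are handled")
    sig_type = body[1]
    if sig_type not in REVOCATION_SIG_TYPES:
        raise ValueError(f"signature type 0x{sig_type:02x} is not a revocation")
    hashed_len = struct.unpack(">H", body[4:6])[0]
    hashed = body[6:6 + hashed_len]
    pos = 6 + hashed_len
    unhashed_len = struct.unpack(">H", body[pos:pos + 2])[0]
    unhashed = body[pos + 2:pos + 2 + unhashed_len]
    info = RevocationInfo(sig_type, None, None, None, "")
    # Reason code and text are taken from the hashed area only: that is the
    # part the signature covers, so it cannot be edited after signing.
    for sp_type, data in _subpackets(hashed):
        if sp_type == SUBPKT_CREATION_TIME:
            info.created = struct.unpack(">I", data)[0]
        elif sp_type == SUBPKT_REASON:
            info.reason_code = data[0]
            info.reason_text = data[1:].decode("utf-8", "replace")
        elif sp_type == SUBPKT_ISSUER:
            info.issuer_key_id = data.hex().upper()
    for sp_type, data in _subpackets(unhashed):
        if sp_type == SUBPKT_ISSUER and info.issuer_key_id is None:
            info.issuer_key_id = data.hex().upper()
    return info


def build_sample_revocation(reason_code: int, text: str, key_id: bytes) -> bytes:
    """Constructed v4 key-revocation packet (DSA/SHA-256) with a dummy signature."""
    def sub(sp_type: int, data: bytes) -> bytes:
        return bytes([len(data) + 1, sp_type]) + data  # all lengths < 192 here
    hashed = sub(SUBPKT_CREATION_TIME, struct.pack(">I", 1234567890))
    hashed += sub(SUBPKT_REASON, bytes([reason_code]) + text.encode("utf-8"))
    unhashed = sub(SUBPKT_ISSUER, key_id)
    body = bytes([4, 0x20, 17, 8])  # version 4, key revocation, DSA, SHA-256
    body += struct.pack(">H", len(hashed)) + hashed
    body += struct.pack(">H", len(unhashed)) + unhashed
    body += b"\xab\xcd"  # left 16 bits of the hash (dummy)
    body += b"\x00\x08\x80" * 2  # dummy r and s MPIs
    return bytes([0x88, len(body)]) + body  # old-format header: tag 2, 1-octet length
```

The reason text sits in the hashed area, which means it is signed by the very key being revoked; a "use key X instead" pointer placed there is therefore no more authoritative than any other statement made with that key, which is the concern raised in the quoted message.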