Help me to import my secret key please

Faramir faramir.cl at gmail.com
Sun May 9 23:10:57 CEST 2010 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Daniel Kahn Gillmor escribió:
> On 05/09/2010 04:40 AM, Charly Avital wrote:
...
>> You might want to indicate in
>> the comment of the new key that the previous key (key ID) is not usable,
>> if yoi plan to upload the new public key to a key server
> 
> I'm not sure exactly what Charly means here, but i strongly recommend
> you do *not* put this kind of remark in the comment section of the User
> ID for your new key (between the name and the e-mail).  A better
...
> So why do i think you shouldn't put it in the comment section of your
> new User ID?  Your User ID is the linkage between your key and your
> real-world identity.  When you ask people to "sign your key", you are
> asking them to certify (a) that this key belongs to you, and (b) that
> they believe this User ID does really belong to you too.  If your User
> ID contains a string that does not really relate to you, you're asking
> people to certify something unusual and potentially meaningless.

  But comments field is for comments, not for identity information, so I
don't see any problem in adding a hint so people can know "which key
should I use?".

> Also, consider the situation 5 years from now -- hopefully you'll still
> be able to use the key you made today.  Do you really want a remark
> about this legacy key to follow you for 5 years?

  Good question, but, since the old key (unless it has expiration date)
will still be shown as valid at the keyservers, probably it wil haunt
him forever.

> Lastly, since you can't revoke the old key outright, you might consider
> contacting everyone who has already certified it and asking them to
> revoke their signatures on the key.  You can point them to your

  Yes, that can be the most useful way to let people know which key is
the right one.

  Best Regards
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQEcBAEBCAAGBQJL5yThAAoJEMV4f6PvczxAo/8H/R82/aC24ryF+BSqprj3YTjS
Dep8k5bVw3KPanHiVLp7gR8I1oplNOOWxLvOqnMkjV8HZNpb4b8XtVBbctmc96xQ
y4wzYiqcvCm9t0OqqCnbl19o5E1Mak2T7n72Sm3NBYLIryPa8RTJePOFs0d2HPrH
K/+iI29C1omHaffabkgF0GM9xZhXSq4/psLkpqIMai4kA2diZ5624BHYumfFDi2J
b/LqHJCAikMSyhIXtTxGp5DRZK2eTGcVqbJKlRWZTp9B9BTevuZVkXU8da554w45
CIJAof83dCP0EseBPDv8YYywJZvdd1BA8gVTecmSPnu0tPaHfFdFnfQ4dGATBOY=
=xgpU
-----END PGP SIGNATURE-----

More information about the Gnupg-users mailing list