On Fri, Aug 15, 2003 at 10:33:54AM -0400, Theodore Ts'o wrote:
> On Tue, Aug 12, 2003 at 12:11:10PM -0500, Steve Langasek wrote:
> > The point was that, if you're asking to replace a key in the keyring
> > because of problems with the way you managed it previously, it would be
> > a good idea to present an explanation to the keymaster. The keymaster's
> > job is not to facilitate arbitrary key changes; it's to protect the
> > keyring from being compromised, while ensuring that trusted keys can be
> > used to upload packages into the archive. This suggests that *not*
> > accepting key replacements without a pretty strong reason is a sensible
> > policy to follow, and that you're more likely to have things go your way
> > if you give the keymaster a reason to believe your request is worth
> > paying attention to. In contrast, "finding my brand new GPG key policy
> > on the WWW is left as an exercise to the reader" doesn't seem to me like
> > an effective use of the keymaster's time.
> >
> Actually, good key management policy states that every so often, you
> *should* throw away your key and generate a new one from scratch.
> Even if you're perfect (tm), something may have happened that you
> didn't expect.... a very clever adversary could have carried out a
> black-bag job on your computer, having installed a keyboard tap to
> grab passwords and then trojan horsed your GPG binary, etc.
>
> The claim that you should never have to replace a key on the keyring
> if you've been a good little doobie is so silly as to be completely
> laughable.

Also, you should cycle your signing key every 5-10 years anyway, to fend
off the possibility of (slow but doable) brute force attacks.

-- 
  .''`.  ** Debian GNU/Linux ** | Andrew Suffield
 : :' :  http://www.debian.org/ |
 `. `'                          |
   `-             -><-          |