[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Migrating to GPG - A mini-HOWTO

On Tue, Sep 14, 1999 at 09:21:22AM +0100, Philip Hands wrote:
> Martin Schulze <joey@finlandia.Infodrom.North.DE> writes:
> > If the people that signed the key are still known and also use GnuPG
> > these days, they can sign the new key as well.  If not, the maintainer
> > has to decide what to do.  It's good to have the option to continue
> > with the old key, though.
> Are you saying that people should sign keys received via e-mail,
> rather than face to face ?
> If so, I'm strongly against this.
> You should only sign keys which you have obtained from someone in
> person, who's identity you are reasonably certain of (i.e. passport).
> If I sign my GPG key with my PGP key, then people can decide if the
> GPG key is worthwhile on that basis.
> If I then go to a load of key signings and establish a GPG web of
> trust, people rightly get a higher level of confidence in my GPG key.
> That higher level of confidence would be misplaced if I'd simply
> mailed my key to all my old PGP signers, and they'd signed it.

Just a small thought - If there is a web of trust on pgp - You
should be able to transfer it to "gpg".

Just send the gpg key in a mail signed with pgp. You are
able to verify the consistency of the mail and is to the 
hand of the sender (aka Owner of the 2 Keys) to enshure
the content of the mail is valid (As He/She does when printing
fingerprints) ...
No just sign the mail (after checking the signature of the mail)
with your gpg key and send it back (signed or encrypted) ...

I prefer the transition to gpg although aothers might think
different. It is a bit painful that even with non-free software
plugins gpg is NOT able to sign/encrypt messages with RSA keys
( I know of no way ) 

A thing i dont like is mixing gpg and pgp signatures as pgp is
not able to process them ...

Florian Lohoff		flo@rfc822.org		      	+49-5241-470566
  ...  The failure can be random; however, when it does occur, it is
  catastrophic and is repeatable  ...             Cisco Field Notice

Reply to: