Re: Migrating to GPG - A mini-HOWTO
On Tue, 14 Sep 1999, Martin Schulze wrote:
> > that the official thing for Debian is to have OpenPGP keys that are not
> > signed by older RSA keys without even mentioning that this is possible and
> > a good thing to do!
> I'm sorry, but you have to read the HOWTO again. I don't say that it
> is official in any way. I can't do that and I know that.
Well, I think you could do that, after all you are part of new-maintainer,
-admin, etc. Anyhow the bit you quoted, although a bit subtle, gives the
document officialness because you say it is for explicit use with The
Debian Project. I guess it's just one of those weird English things
> "please edit and distribute". So why aren't you editing it and filling
> in all the parts that I don't know and nobody told me about? (Although
Well, I did suggest a number of changes but it would be extremely impolite
to just take your document, add all kinds of new things and redistribute
it - particularly if you disagree with the changes!
> If that would be an entirely bad idea then we should stop signing the
> .dsc and .changes files since it's based on the idea that the old key
> was valid as well. If you can't trust the old pgp key, what can you
> trust instead? I'm sorry!
Imagine that someone gets your private key and is out to masquerade as
you. He generates a new key and sends emails to all the people who signed
your old key with a blurb like the following:
    Hi! I'm moving to a more secure key using a new algorithm and I'd like
    it if you could all re-sign my new key.
He gets signatures from your unsuspecting friends. Now there are two keys
belonging to Martin, signed by a number of trusted people. You discover
this and issue a revocation certificate for your old key - however you
cannot revoke the key the attacker has created! So there is still a key
out there that for all intents and purposes appears to be from you.
The next step to undoing the damage would be to contact the people who
signed this key and get them to revoke the signatures they added - however
since you just revoked your old key there is no way for them to actually
know that it is -you- that is asking this. The only safe way would be for
you to physically visit them, show ID, get them to sign a new key and
revoke the sig on the bad key.
Even after doing all of this someone would still have to go to a key
server and download the revoked signatures before they could be certain
that this 'forged' key is not from you.
Compare that to having a private key compromised - all you get there is a
few emails you didn't write and a revoked key.
Go read the Key Signing howto and observe how paranoid it is.
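
The scenario in the message above, as an added example that is not part of the original e-mail: a toy model of one verifier's keyring, showing that revoking the old key leaves the forged key valid until the signers revoke their certifications and the verifier refreshes from the keyserver. The key IDs, the UID and the one-signature validity rule are constructed assumptions, not GnuPG's actual trust computation.

```python
# Toy web-of-trust model (constructed for illustration; not GnuPG's trust algorithm).
from dataclasses import dataclass, field

@dataclass
class Keyring:
    """One party's view of keys: a verifier's local keyring or the keyserver's contents."""
    trusted: set                                    # key IDs accepted as introducers
    certs: set = field(default_factory=set)         # (signer_id, signed_key_id, uid)
    revoked_keys: set = field(default_factory=set)
    revoked_certs: set = field(default_factory=set)

    def valid_for(self, key_id, uid, needed=1):
        """Accept key_id for uid if enough live certifications from trusted signers exist."""
        if key_id in self.revoked_keys:
            return False
        live = {s for (s, k, u) in self.certs - self.revoked_certs
                if k == key_id and u == uid
                and s in self.trusted and s not in self.revoked_keys}
        return len(live) >= needed

    def refresh(self, server):
        """Pull everything the keyserver currently holds into this keyring."""
        self.certs |= server.certs
        self.revoked_keys |= server.revoked_keys
        self.revoked_certs |= server.revoked_certs

def scenario():
    uid = "Martin <martin@example.org>"             # constructed UID
    friends = ("FRIEND1", "FRIEND2")                # constructed key IDs
    server = Keyring(trusted=set())
    # Friends certified OLD in person, then re-signed FORGED on an e-mailed request.
    for f in friends:
        server.certs |= {(f, "OLD", uid), (f, "FORGED", uid)}
    verifier = Keyring(trusted=set(friends))
    verifier.refresh(server)
    out = {"before": (verifier.valid_for("OLD", uid), verifier.valid_for("FORGED", uid))}
    # The real owner revokes OLD; this cannot touch certifications made by other keys.
    server.revoked_keys.add("OLD")
    verifier.refresh(server)
    out["after_key_revocation"] = (verifier.valid_for("OLD", uid),
                                   verifier.valid_for("FORGED", uid))
    # Friends revoke their signatures on FORGED after re-verifying identity in person.
    server.revoked_certs |= {(f, "FORGED", uid) for f in friends}
    out["stale_keyring"] = verifier.valid_for("FORGED", uid)      # has not refreshed yet
    verifier.refresh(server)
    out["refreshed_keyring"] = verifier.valid_for("FORGED", uid)
    return out
```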