On Fri, Aug 08, 2003 at 10:37:57PM +0200, Martin Godisch wrote:
> On Fri, Aug 08, 2003 at 15:11:58 -0400, Kyle McMartin wrote:
> > Why are you replacing your key? Why can't you just add a subkey, or
> > another uid to your existing key? Alternatively, why can't you just
> > revuid or revkey the (uid/subkey)?
> Consider the case that your key has been compromised. Of course, you
> are careful to avoid this, but can you be sure? After several years?
> The longer you have your key the greater the possibility. If someone
> actually has your secret key, he won't tell you. Replacing your key
> regularly is the only way to be sure.

This is, however, incompatible with the current practices governing
management of the Debian keyring. If you want to replace other keys,
feel free -- but don't expect it to fly for your Debian key.

(And what attacks are you protecting against? Someone stealing your key
off of your person? Brute-forcing your key? Compromising your computer?
Then how do you know your computer isn't still compromised, and how do
you know that some government hasn't broken the algorithms used by PGP,
enabling them to figure out anyone's secret key in a matter of days?
Security is all relative.)

-- 
Steve Langasek
postmodern programmer