Re: Having more than one key in the Debian keyring

On Fri, Aug 08, 2003 at 10:37:57PM +0200, Martin Godisch wrote:
> On Fri, Aug 08, 2003 at 15:11:58 -0400, Kyle McMartin wrote:

> > Why are you replacing your key? Why can't you just add a subkey, or
> > another uid to your existing key? Alternatively, why can't you just
> > revuid or revkey the (uid/subkey)?

> Consider the case that your key has been compromised. Of course, you
> are careful to avoid this, but can you be sure? After several years?
> The longer you have your key the greater the possibility. If someone
> actually has your secret key, he won't tell you. Replacing your key
> regularly is the only way to be sure.

This is, however, incompatible with the current practices governing
management of the Debian keyring.  If you want to replace other keys,
feel free -- but don't expect it to fly for your Debian key.

(And what attacks are you protecting against?  Someone stealing your key
off of your person?  Brute-forcing your key?  Compromising your
computer?  Then how do you know your computer isn't still compromised,
and how do you know that some government hasn't broken the algorithms
used by PGP, enabling them to figure out anyone's secret key in a matter
of days?  Security is all relative.)

Steve Langasek
postmodern programmer
