Re: APT public key updates?
Nick Phillips <firstname.lastname@example.org> wrote:
> If the 2006 key takes (say) 15 months to compromise, then it is fine
> to use it to sign and verify the new key on 1/1/2007, so long as you
> perform that verification before March...
Or be able to proof the date of signing.
> IOW using the old key to sign the new key only requires that the old
> key be "good" at one point during the new year, whereas continuing to
> use the old key requires that it be "good" all year.
Yes, but it breaks a long term usage like web of trust.