Re: Key update in annual ping?



On Fri, 26 Aug 2011, Mats Erik Andersson wrote:
> Which route should I go for?
> 
>   A. Send ping using old key. Then update the key and send
>      the updated key to the key server.
> 
>   B. Update the key now, then send a ping using the new
>      key, and send this new key to the server.

C. update the key and send a ping signed by the old key, and a ping signed
by the new key.  One of the two pings will be accepted, or both will.

But you don't need to do that at all.

> I do not intend to replace the key, only to update the pass
> phrase and the date of expiration in my present key.

This does not make any changes to the key that would cause problems
downstream.  In fact, it only invalidates the key self-signature, which
gpg will regenerate automatically for that exact reason.  You do have to
send the updated public key to relevant keyservers.

It also changes the encrypted binary blob that gets stored in your
private keyring, obviously.  But that REALLY must never be visible to
anyone but yourself.

-- 
  "One disk to rule them all, One disk to find them. One disk to bring
  them all and in the darkness grind them. In the Land of Redmond
  where the shadows lie." -- The Silicon Valley Tarot
  Henrique Holschuh
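
Why the update is harmless downstream, as an added example that is not part of the original message: under RFC 4880 a v4 fingerprint is a SHA-1 over the public-key packet only, while the expiration date is carried in a subpacket of the self-signature. The key material is constructed sample data, and the dict model with `set_expiry` is a hypothetical illustration, not how gpg stores keys.

```python
import hashlib
import struct

def mpi(n: int) -> bytes:
    """OpenPGP MPI: 2-byte bit count, then the big-endian value."""
    return struct.pack(">H", n.bit_length()) + n.to_bytes((n.bit_length() + 7) // 8, "big")

def public_key_body(created: int, n: int, e: int) -> bytes:
    """v4 RSA public-key packet body: version, creation time, algorithm 1, n, e."""
    return bytes([4]) + struct.pack(">I", created) + bytes([1]) + mpi(n) + mpi(e)

def fingerprint(body: bytes) -> str:
    """v4 fingerprint: SHA-1 over 0x99, 2-byte body length, packet body."""
    return hashlib.sha1(b"\x99" + struct.pack(">H", len(body)) + body).hexdigest().upper()

def expiry_subpacket(seconds_after_creation: int) -> bytes:
    """Key Expiration Time subpacket (length 5, type 9, 4-byte offset)."""
    return bytes([5, 9]) + struct.pack(">I", seconds_after_creation)

def set_expiry(key: dict, seconds_after_creation: int) -> dict:
    """Model of the update: only the self-signature data is replaced."""
    return {"pubkey": key["pubkey"], "selfsig": expiry_subpacket(seconds_after_creation)}

# Constructed sample values, not a usable RSA key.
CREATED = 1104537600                          # 2005-01-01 00:00:00 UTC
N = int.from_bytes(bytes(range(1, 65)), "big")
E = 65537
YEAR = 365 * 86400

def demo() -> dict:
    old = {"pubkey": public_key_body(CREATED, N, E), "selfsig": expiry_subpacket(YEAR)}
    new = set_expiry(old, 2 * YEAR)
    return {
        "fpr_old": fingerprint(old["pubkey"]),
        "fpr_new": fingerprint(new["pubkey"]),
        "selfsig_changed": old["selfsig"] != new["selfsig"],
        # Changing a hashed field (creation time) does give a different key.
        "fpr_other": fingerprint(public_key_body(CREATED + 1, N, E)),
    }

if __name__ == "__main__":
    r = demo()
    print("fingerprint before:", r["fpr_old"])
    print("fingerprint after: ", r["fpr_new"])
    print("self-signature data changed:", r["selfsig_changed"])
```

The passphrase is likewise outside the hashed data: it only protects the secret-key material in the private keyring.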

