Re: Moving to stronger keys than 1024D
On Sat, Oct 05, 2013 at 05:32:18PM +0200, Stefano Zacchiroli wrote:
> On Sat, Oct 05, 2013 at 08:17:48AM -0700, Jonathan McDowell wrote:
> > Now. If you have a 2048 bit or larger key that has been signed by at
> > least 2 other DDs but still have a 1024D key in our keyring you
> > should be filing a request for replacement.
>
> I'm sorry, I realize only now I wasn't clear on this point.
>
> I was talking about the WoT at large, not only the Debian keyring.
> I've indeed replaced my 1024D key with my 4096R key in the Debian
> keyring a long time ago. What I haven't yet done is _revoking_ the old
> key. Doing that now should have no bad effect on the Debian keyring,
> as any potentially "bad" effect there has already happened when I did
> the replacement.
If we assume that 1024D keys have questionable security then at some
point you stop trusting them entirely whether they're revoked or not. I
finally revoked my 1024D about a year ago and should really have done so
sooner.
> > The more useful question is how many of the signatures on your new
> > key come from strong keys, and how many strong keys have you signed
> > with that new key?
>
> Right. If you happen to have a oneliner to verify that I'll be happy
> to answer these questions :)
I don't have anything to conveniently answer that, unfortunately.
J.
--
] http://www.earth.li/~noodles/ [] Aunt Em: Hate Kansas. Hate you. [
] PGP/GPG Key @ the.earth.li [] Taking dog. Bye. Dorothy. [
] via keyserver, web or email. [] [
] RSA: 4096/2DA8B985 [] [
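An added example, not part of the original thread and not code from either poster: one way to answer the first half of the question above (how many certifications on a key come from strong keys) by parsing GnuPG's colon-delimited listings. The function names and the sample key IDs, names and dates are constructed for illustration; the 2048-bit threshold is the one mentioned in the thread.

```python
# Added example; all key IDs, names and dates in the sample data are constructed.
STRONG_MIN_BITS = 2048                   # "2048 bit or larger", as in the thread
SIZED_ALGOS = {1, 17}                    # RSA, DSA: bit length is comparable
CERT_CLASSES = {"10", "11", "12", "13"}  # certifications of a user ID

def key_table(listing):
    """Map key ID -> (validity, bits, algo) from pub records."""
    rows = (l.split(":") for l in listing.splitlines())
    return {f[4]: (f[1], int(f[2]), int(f[3])) for f in rows if f[0] == "pub"}

def classify_signers(target_sigs, keyring):
    """Sort third-party certifiers of the single key listed in target_sigs
    into strong / weak / unknown sets of key IDs."""
    keys = key_table(keyring)
    result = {"strong": set(), "weak": set(), "unknown": set()}
    target = None
    for f in (l.split(":") for l in target_sigs.splitlines()):
        if f[0] == "pub":
            target = target or f[4]
        elif f[0] == "sig" and len(f) > 10 and f[10][:2] in CERT_CLASSES and f[4] != target:
            info = keys.get(f[4])        # None: signer key not in local keyring
            if info is None or info[2] not in SIZED_ALGOS:
                bucket = "unknown"       # missing key, or an algorithm to judge separately
            elif info[0] in ("r", "e") or info[1] < STRONG_MIN_BITS:
                bucket = "weak"          # revoked/expired keys are not counted as strong
            else:
                bucket = "strong"
            result[bucket].add(f[4])
    return result

# Constructed stand-in for: gpg --with-colons --list-sigs <keyid>
TARGET_SIGS = """\
pub:u:4096:1:AAAAAAAAAAAAAAA1:1380000000:::u:::scESC:
sig:::1:AAAAAAAAAAAAAAA1:1380000000::::Example User <user@example.org>:13x:
sig:::17:BBBBBBBBBBBBBBB2:1380100000::::Old Signer <old@example.org>:10x:
sig:::1:CCCCCCCCCCCCCCC3:1380200000::::New Signer <new@example.org>:10x:
sig:::1:DDDDDDDDDDDDDDD4:1380300000::::[User ID not found]:10x:
sub:u:4096:1:EEEEEEEEEEEEEEE5:1380000000::::::e:
sig:::1:AAAAAAAAAAAAAAA1:1380000000::::Example User <user@example.org>:18x:
"""
# Constructed stand-in for: gpg --with-colons --list-keys
KEYRING = """\
pub:u:4096:1:AAAAAAAAAAAAAAA1:1380000000:::u:::scESC:
pub:f:1024:17:BBBBBBBBBBBBBBB2:1000000000:::-:::scSC:
pub:f:4096:1:CCCCCCCCCCCCCCC3:1300000000:::-:::scESC:
"""
```

Signers reported as unknown need their keys fetched before they can be judged; `rev` records (revoked certifications) are not handled here.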