On Wed, May 04, 2005 at 06:26:30PM -0400, sean finney wrote: > istr discussing (or at least thinking to myself) a method of "rolling" > keys, where one key was used to sign another key, which would then > ideally be kept somewhere Safe for the case of unexpected expiration. > this second key could then be used to sign a third key, and so-forth. > i guess this wouldn't handle upgrades of apt that skipped a "key epoch", > but that could probably be worked around by keeping the old keys around > somewhere so that they could be used to somehow establish a chain of > trust to the newest key. > > in the case of a compromise you'd still need an extra verification; > because you'd have to assume that the compromised key could have been > used by the mean people to sign phony keys. that could pretty easily > be accomplished by attaching another d-d's signature to it when it > was generated, right? if the key was really kept somewhere Safe, there > would be no risk of the first key's compromise affecting it.
If you have some code which implements this, I will take a look, but this sort of thing is very awkward to do with gpg, and I don't think that there is much justification for this level of complexity. The existing scheme is simple, and works. -- - mdz -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
