When you suspect your private key may be compromised, it's obvious that you should revoke the key pair, upload your revocation to the key servers, and generate a new pair. But what is "best practice" for telling people about your new public key - transferring your identity to it, so to speak?
Is there any point in adding a self-signed ID saying "Key compromised - please use key with fingerprint xxxxxxxxx instead" before revoking? I'm thinking it's pointless, since an attacker could do the same, and use it to transfer someone's identity to a new public key, which the rightful owner cannot revoke. Am I right in thinking that anyone seeing a user ID of the form "Please use key with fingerprint xxxxxxxxx instead" should ignore it (since it may be an attempt to permanently steal someone's identity)? Am I right in thinking that someone whose key may be compromised, should simply revoke it and start over from scratch with a new key pair, proving their identity to each and every person signing it? Similarly, if you believe your private key may be compromised, is there any point in sending signed messages to everyone who has signed your old public key, asking them to also sign your new one? I believe it's pointless, since the message could just as well be from an attacker, and that anyone receiving such a message should refuse to sign the new keys (and insist the sender prove their identity another way). Am I right in thinking this? I've looked for answers to these questions, but most discussions about transferring identity to new keys seem to deal with the situation where someone has accidentally deleted their private key or forgotten their passphrase, not the situation where the private key is still accessible. _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
