-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 If I recall correctly, when generating the revocation certificate, you have an option to choose why the certificate is being generated, and one choice is "key compromised".
- --Avi -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (MingW32) - GPGshell v3.71 iF4EAREKAAYFAkmZhiEACgkQDWKwGfgOKfmcEQD/TSf6qX4hdnh7M+P2xQswvGfb IjLrq5KuJOeSztcjSJYA/AnoeBZE/zI8HnbM7R23miBMuzk5KU4Oh6KmTyBCSzJB =Gt1V -----END PGP SIGNATURE----- ---- en:User:Avraham pub 3072D/F80E29F9 1/30/2009 Avi (Wikimedia-related key) <avi.w...@gmail.com > Primary key fingerprint: 167C 063F 7981 A1F6 71EC ABAA 0D62 B019 F80E 29F9 ---------- Forwarded message ---------- > From: Jonas Islander <m534c.subscr...@gmail.com> > To: gnupg-users@gnupg.org > Date: Mon, 16 Feb 2009 12:10:32 +0100 > Subject: Transferring identity to a new public key > When you suspect your private key may be compromised, it's obvious > that you should revoke the key pair, upload your revocation to the key > servers, and generate a new pair. But what is "best practice" for > telling people about your new public key - transferring your identity > to it, so to speak? > > Is there any point in adding a self-signed ID saying "Key compromised > - please use key with fingerprint xxxxxxxxx instead" before revoking? > > I'm thinking it's pointless, since an attacker could do the same, and > use it to transfer someone's identity to a new public key, which the > rightful owner cannot revoke. > > Am I right in thinking that anyone seeing a user ID of the form > "Please use key with fingerprint xxxxxxxxx instead" should ignore it > (since it may be an attempt to permanently steal someone's identity)? > > Am I right in thinking that someone whose key may be compromised, > should simply revoke it and start over from scratch with a new key > pair, proving their identity to each and every person signing it? > > > Similarly, if you believe your private key may be compromised, is > there any point in sending signed messages to everyone who has signed > your old public key, asking them to also sign your new one? > > I believe it's pointless, since the message could just as well be from > an attacker, and that anyone receiving such a message should refuse to > sign the new keys (and insist the sender prove their identity another > way). Am I right in thinking this? > > I've looked for answers to these questions, but most discussions about > transferring identity to new keys seem to deal with the situation > where someone has accidentally deleted their private key or forgotten > their passphrase, not the situation where the private key is still > accessible. >
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users