On Sat, Oct 05, 2013 at 05:32:18PM +0200, Stefano Zacchiroli wrote: > On Sat, Oct 05, 2013 at 08:17:48AM -0700, Jonathan McDowell wrote: > > Now. If you have a 2048 bit or larger key that has been signed by at > > least 2 other DDs but still have a 1024D key in our keyring you > > should be filing a request for replacement. > > I'm sorry, I realize only now I wasn't clear on this point. > > I was talking about the WoT at large, not only the Debian keyring. > I've indeed replaced my 1024D key wih my 4096R key in the Debian > keyring a long time ago. What I haven't yet done is _revoking_ the old > key. Doing that now should have no bad effect on the Debian keyring, > as any potentially "bad" effect there has already happened when I did > the replacement.
If we assume that 1024D keys have questionable security then at some point you stop trusting them entirely whether they're revoked or not. I finally revoked my 1024D about a year ago and should really have done so sooner. > > The more useful question is how many of the signatures on your new > > key come from strong keys, and how many strong keys have you signed > > with that new key? > > Right. If you happen to have a oneliner to verify that I'll be happy > to answer these questions :) I don't having anything to convenient answer that unfortunately. J. -- ] http://www.earth.li/~noodles/ [] Aunt Em: Hate Kansas. Hate you. [ ] PGP/GPG Key @ the.earth.li [] Taking dog. Bye. Dorothy. [ ] via keyserver, web or email. [] [ ] RSA: 4096/2DA8B985 [] [ -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: http://lists.debian.org/[email protected]
