My current certificate, 0x23806BE5D6B98E10, dates to 2008. Back then I used the bog-standard defaults for new certificates: namely, a 2kbit DSA2 signing key with a 2kbit Elgamal encryption subkey. These were good choices then and are still solid choices today: if you're using that setup, please don't panic and please don't think you need to change. You don't.
However. Time moves on, and things that made sense back then don't make as much sense today. In 2008 I didn't realize how important smartcards would become, or how reluctant smartcard vendors would be to support DSA2. I also expected, perhaps foolishly, that the Fedora operating system would soon support signing software packages with DSA2; I was mistaken. Over time I've accumulated more certificates for various testing purposes. To test Enigmail's smartcard support I had a 2kbit RSA key on a smartcard; to test GnuPG's new ECC support I had a 512-bit ECDSA certificate; the list goes on and on. So, looking out over all this, I figured now was a good time to make a switch to a newly-generated certificate: 0x1DCBDC01B44427C7, which is going to become my all-in-one replacement -- I can store it on a smartcard, use it to sign Fedora packages, and have better long-term confidence in its security. The old certificate is still good and I'll continue to support it for about another six months. Early next year I'll retire it and the switchover will be complete. Until then, you'll be able to see that my messages are signed with *two* certificates -- my usual certificate and my new one. It's my hope that this will give people confidence in the continuity of identity. (Note that Enigmail will probably only show one signature in the UI. To get a full list you'll need to extract the PGP/MIME components, save them to disk, and run GnuPG at the command-line to get a complete list of which certificates have signed a message.) If anyone has any questions or comments, please feel free to ask. :)
signature.asc
Description: OpenPGP digital signature
_______________________________________________ enigmail-users mailing list [email protected] To unsubscribe or make changes to your subscription click here: https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net
