On 05/09/2010 04:40 AM, Charly Avital wrote:
> Yes, you can generate a new key pair with the same user ID email, the key
> server will accept it. Do not forget to generate a revocation
> certificate and to store in a safe place.

Yup, Charly is correct about this. You can actually have as many keys as you like with the same UID in the public keyservers.

> You might want to indicate in
> the comment of the new key that the previous key (key ID) is not usable,
> if you plan to upload the new public key to a key server

I'm not sure exactly what Charly means here, but i strongly recommend you do *not* put this kind of remark in the comment section of the User ID for your new key (between the name and the e-mail).

A better approach is to make a key transition document that describes the situation, sign it with the new key, and post it publicly. For example:

http://fifthhorseman.net/key-transition-2007-06-15.txt

(if you still had access to your old key, you could have signed the transition statement with it too)

So why do i think you shouldn't put it in the comment section of your new User ID?

Your User ID is the linkage between your key and your real-world identity. When you ask people to "sign your key", you are asking them to certify (a) that this key belongs to you, and (b) that they believe this User ID does really belong to you too. If your User ID contains a string that does not really relate to you, you're asking people to certify something unusual and potentially meaningless.

Also, consider the situation 5 years from now -- hopefully you'll still be able to use the key you made today. Do you really want a remark about this legacy key to follow you for 5 years?

Lastly, since you can't revoke the old key outright, you might consider contacting everyone who has already certified it and asking them to revoke their signatures on the key. You can point them to your published key transition document as a start, but you'll probably want to also contact them offline -- this is also a good opportunity for you to ask them to certify your new key. That way, in the future, there will be no valid certifications on your old key, and which key people should choose for you should become clearer.

Regards,

--dkg
