On 12/9/2010 5:51 PM, John Clizbe wrote:
> I just created new keys after almost 8 years, my old key was 1024D/2048ElG. The
> new keys are 2048-DSA2/2048-RSA and a 3x2048-RSA OpenPGP card.

My personal opinion -- can't back it up with anything more than my own meandering experience -- is that many OpenPGP users are way too attached to their certificates. Sooner or later you *will* have a key compromise event, you *will* need to revoke keys in a hurry and you *will* need to find some way to re-establish a WoT with your core correspondents. The question is not if, the question is only when.

If you never revoke-and-reissue certs (perhaps out of a desire to preserve your WoT), then when the time comes not only are you going to be stressed out and not thinking clearly, but you'll be performing a task that's unfamiliar to you. This isn't something I'd think wise.

Every couple of years I open a binder, flip to the Cert Revocation Checklist, and go down the list. It's a dry run for a for-real event. By the end of the event I've discovered places the checklist fails and needs to be fixed, found "oh, heck, Bob's entered my WoT since I last wrote this, I need to update that!", etc., etc. The one time I've needed my Cert Rev Checklist for-real, I was really glad I had it.

I find this to be a useful exercise. Your mileage may, and probably will, vary. If you have a very well-developed WoT and don't want to jeopardize breaking other people's WoTs, then you might not want to do this. :)
