I've only briefly looked at the issue with PGP keys that were generated with GnuPG, where the key can be compromised. What, it anything, have folks done regarding this issue? Have you revoked your old keys, and created new ones with a patched version of GnuPG? If so, what's the best way to get new keys distributed, have the revocation key sent to all the keyservers, etc.?
Thanks, Jeff
The key that's at risk is one that probably no one here has. It's an ElGamal *signing-only* key. The only way you can generate one of these is to manually select it when you create a key. The normal DSA/ElGamal key that GPG defaults to is not at risk, so there's currently no need to revoke your keys.
Cheers, Tanner -- Tanner Lovelace | lovelace(at)wayfarer.org | http://wtl.wayfarer.org/ --*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*-- GPG Fingerprint = A66C 8660 924F 5F8C 71DA BDD0 CE09 4F8E DE76 39D4 GPG Key can be found at http://wtl.wayfarer.org/lovelace.gpg.asc --*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*-- 101010 - The Ultimate answer to Life, the Universe and Everything.
pgp00000.pgp
Description: PGP signature
-- TriLUG mailing list : http://www.trilug.org/mailman/listinfo/trilug TriLUG Organizational FAQ : http://trilug.org/faq/ TriLUG Member Services FAQ : http://members.trilug.org/services_faq/ TriLUG PGP Keyring : http://trilug.org/~chrish/trilug.asc
