1. Forum
  2. Usenet
  3. NEWS.GROUPS.PROPOSALS

  • Re: New control message signing key for Big Eight hierarchies

    From David E. Ross@21:1/5 to Charles Lindsey on Fri Oct 8 10:13:09 2021
    On 6/29/2021 7:53 AM, Charles Lindsey wrote:
    On 27/06/2021 23:39, Russ Allbery wrote:
    The control message signing key for the Big Eight hierarchies has changed. >> The new key is 8E181BEF0BE638962C1A5C98FAFE7B550C18C8B7, available from
    <https://www.eyrie.org/~eagle/big-8/> and signed with my personal key.
    The control message sender and key ID are unchanged.

    Why is it not also signed by he Old Key (weak as that may be).

    Agree!! It is customary when releasing a new public key to replace an
    older one to sign the new key with the older key. Since the older key
    is presumably verified and trusted, that supports verification and trust
    of the new key.


    Note that it is handy to keep a copy of the older gpg1 around for documents signed by ancient PGP keys (as control messages for uk.* still are), and gpg1 would still accept the signing of the New Key by the Old Key.



    --
    David E. Ross
    <http://www.rossde.com/>

    At his 26 June rally in Ohio, Donald Trump claimed he is still
    the President of the United States. Tell me, Mr. Trump, how
    many executive orders have you issued since 20 January? How
    many Congressional bills have your signed or vetoed?

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Russ Allbery@21:1/5 to Charles Lindsey on Fri Oct 8 10:13:08 2021
    Apologies for not setting Followup-To on my original message so that this
    reply showed up on news.announce.newgroups.

    Charles Lindsey <chl@clerew.man.ac.uk> writes:

    Why is it not also signed by he Old Key (weak as that may be).

    It is. Why do you not think that it is? Maybe you're looking at it with
    GnuPG v2, which doesn't support the ancient signature?

    pub 4096R/FAFE7B550C18C8B7 2021-03-14 news.announce.newgroups
    sig FAFE7B550C18C8B7 2021-03-14 [selfsig]
    sig C25D3AD3B88DA9C1 2021-03-14 news.announce.newgroups
    sig D15D313882004173 2021-03-14 [User ID not found]
    sub 4096R/C9D50D98ED17C9A4 2021-03-14
    sig FAFE7B550C18C8B7 2021-03-14 [keybind]

    (D15D313882004173 is my personal key, which is not in that specific
    keyring.)

    Note that it is handy to keep a copy of the older gpg1 around for
    documents signed by ancient PGP keys (as control messages for uk.* still are),

    The uk.* folks should fix that. :)

    --
    Russ Allbery (eagle@eyrie.org) <https://www.eyrie.org/~eagle/>

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)