From gnupg-devel Thu Feb 23 15:43:32 2023
From: Bernhard Reiter
Date: Thu, 23 Feb 2023 15:43:32 +0000
To: gnupg-devel
Subject: Key rollovers, overlapping (Re: WKD: returns only one pubkey (and why))
Message-Id: <202302231643.33394.bernhard () intevation ! de>
X-MARC-Message: https://marc.info/?l=gnupg-devel&m=167716790523248

On Thursday, 26 January 2023 11:23:49, Simon Josefsson via Gnupg-devel wrote:
> While we could recommend doing hard-stop key rollovers where you revoke
> the earlier key at the same time you migrate to the new key, I don't
> think that is a common habit nor am I sure this is even a good idea.
> Does anyone think we should recommend that?

Not me.
I think we should allow time-overlapping pubkeys for an email-address
(and any other UID) and thus recommend _smooth_ key rollovers.

Bernhard

-- 
https://intevation.de/~bernhard   +49 541 33 508 3-3
Intevation GmbH, Osnabrück, DE; Amtsgericht Osnabrück, HRB 18998
Managing Directors: Frank Koormann, Bernhard Reiter