Re: status: establishing a PGP web of trust

From: Jiri Kosina
Date: Tue Oct 04 2011 - 18:02:17 EST

On Tue, 4 Oct 2011, Heiko Carstens wrote:

> > I have a question here. In case people are 'reasonably certain' that the
> > old key has never been jeoparadized, why are they required to create a new
> > key?
> >
> > (if the old key would have been compromised, the attacker could as well
> > generate a new key and sign it with the old key himself, so I fail to see
> > any benefit of this PGP excercise).
> >
> > It doesn't make too much sense to force people to live with two different
> > personalities in this "PGP web of trust" world just for the sake of
> >, does it?
> Also same question here. And as far as I can tell nobody has given an
> answer yet.

In the meantime, at least one reason came up in parallel discussion ... a
lot of people have those oldish keys generated as 1024bit or so, and using

And it seems like 4096/RSA is sort of required here.

Jiri Kosina
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at
Please read the FAQ at