Re: kernel.org status: establishing a PGP web of trust
From: Jiri Kosina
Date: Tue Oct 04 2011 - 18:02:17 EST
On Tue, 4 Oct 2011, Heiko Carstens wrote:
> > I have a question here. In case people are 'reasonably certain' that the
> > old key has never been jeoparadized, why are they required to create a new
> > key?
> > (if the old key would have been compromised, the attacker could as well
> > generate a new key and sign it with the old key himself, so I fail to see
> > any benefit of this PGP excercise).
> > It doesn't make too much sense to force people to live with two different
> > personalities in this "PGP web of trust" world just for the sake of
> > kernel.org, does it?
> Also same question here. And as far as I can tell nobody has given an
> answer yet.
In the meantime, at least one reason came up in parallel discussion ... a
lot of people have those oldish keys generated as 1024bit or so, and using
And it seems like 4096/RSA is sort of required here.
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/