On Mon, 24 Nov 1997, David Sternlight wrote:
-> not only does everyone with an old RSA key have to generate a new key
-> but also a complete new set of signatures and web of trust must be built
-> if they wish to use the "better" algorithms. And the new keys must be
That's easy:
- Generate your new key.
- Sign it with your old key, possibly send it clear-signed or whatever.
- Send it to the persons who signed your old key. They can verify your
signature on the new key and since they checked you're the one with
the old key, they can validly assume you signed the new one allright.
- After this verification, they can sign the new key and send it back.
- In the unlikely event that someone got hold of your secret key, they
can simply revoke their sgnatures. It's really unlikely, however.
--
Christopher Creutzig # Im Samtfelde 19 # D-33098 Paderborn # V+49-5251-71873
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
"Das kann doch nicht so schwer sein, so ein paar Header zu erzeugen!"
(Eike Rathke auf der Gatebau'97)