ietf-openpgp
[Top] [All Lists]

Re: How to Calculate Signatures?

2005-04-04 09:36:08

Jon Callas wrote:


So the analysis needs to question not only the risks
but also the costs and benefits.

The number of people who need to have DSA and keep
using their existing keys for signatures seems to be
quite small.  In order for these people to benefit,
they must be able to create the sigs, and everyone
else must be able to at least read the sigs.  So
any change will take a year or two to filter through
until there is wide enough distribution of verification,
and during that time, I suspect the slow uptake will
be over taken by events.



Yup. And the same thing applies to V3 keys as well. I've had vocal complaints from people about their V3 key and how they're upset about losing whatever trust issues there are from it being a decade or more old.

So what's wrong with signing your V4 key with your V3 key and moving on?

Cheers,

Ben.

--
http://www.apache-ssl.org/ben.html       http://www.thebunker.net/

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff