PGP key server changes [was: RE: 1024-bit RSA keys in danger of compromise]

Lucky Green shamrock at cypherpunks.to
Wed Mar 27 22:55:05 EST 2002


 
Enzo wrote:
> Hmmm... I see that the new 4096-bit super-duper key, besides 
> its own (which doesn't prove much), only bears the signatures 
> of the now revoked -as potentially compromised- old keys 
> 0x375AD924 and 0xEEE8CFF3, plus 0x06757D2D (which turns out 
> to be a 1024-bit DSA key) and 0x50C0FEA7 (a lowly 2048-bit 
> RSA legacy key)...
> 
> Are you really our Lucky, or the NSA proving our worst fears 
> founded? ;-)

Oh, the curse of having to revoke a key that accumulated years of WOT
signatures...

My new pub key has since acquired a few signatures. You can always
get the latest version of my key by fingering shamrock at cypherpunks.to
or via LDAP from ldap://pgp.surfnet.nl:11370 (also known as
europe.keys.pgp.com, though this alias may not last much longer given
that it seems that the canonical PGP keyserver at keyserver.pgp.com
appears to already have ceased operations in the wake of NAI placing
PGP into "maintenance mode". At least I have been unable to connect
to that server for several days now. YMMV).

No, my new key will not interoperate with PGP 1.0, Bass-O-Matic, or
similarly outdated versions of PGP. Readers of this post are
discouraged from contacting me to inform me of this fact. I an well
aware of it and couldn't care less. Few, if any, programs that I use
today would run on the Macintosh DUO 230 on which I generated my
first 1024-bit PGP key back when I was an alpha tester for PGP 2.0.
Thanks to Moore's Law, my first-ever 1024-bit key took a hell of a
lot longer to generate on what was then a brand new machine than it
took to generate my new 4096-bit PGP key on the old K6-333 that I
used a few days ago to generated not only my new PGP key, but various
4096-bit SSH keys for good measure.

My suggestion would be to use the time saved by not sending me such
an email to upgrade your version of PGP instead. The key has been
tested to work fine with the current release versions of PGP for
Windows and Mac as well as GnuPG for UNIX and I presume Windows,
though I haven't tested GnuPG on Windows.

Those of you that know me are very much encouraged to contact me to
verify the fingerprint of my new key. If you have my personal mobile
phone number, just call. If you don't, email me for the number. Since
I would rather not post it to a public mailing list.

--Lucky



---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com



More information about the cryptography mailing list