IETF Logo Mail Archive

Re: How to Calculate Signatures?

Ben Laurie <ben@algroup.co.uk> Mon, 04 April 2005 17:04 UTC

Received: from above.proper.com (above.proper.com [208.184.76.39]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id NAA28601 for <openpgp-archive@lists.ietf.org>; Mon, 4 Apr 2005 13:04:00 -0400 (EDT)
Received: from above.proper.com (localhost.vpnc.org [127.0.0.1]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j34Ga8qp044526; Mon, 4 Apr 2005 09:36:08 -0700 (PDT) (envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.11/8.12.9/Submit) id j34Ga8pl044525; Mon, 4 Apr 2005 09:36:08 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from mail.links.org (mail.links.org [217.155.92.109]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j34Ga7bL044518 for <ietf-openpgp@imc.org>; Mon, 4 Apr 2005 09:36:07 -0700 (PDT) (envelope-from ben@algroup.co.uk)
Received: from [193.133.15.218] (localhost [127.0.0.1]) by mail.links.org (Postfix) with ESMTP id 2061233C45; Mon, 4 Apr 2005 17:36:06 +0100 (BST)
Message-ID: <42516C7F.3050307@algroup.co.uk>
Date: Mon, 04 Apr 2005 17:34:07 +0100
From: Ben Laurie <ben@algroup.co.uk>
User-Agent: Mozilla Thunderbird 1.0 (Windows/20041206)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: Jon Callas <jon@callas.org>
Cc: Ian G <iang@systemics.com>, ietf-openpgp@imc.org, Hal Finney <hal@finney.org>
Subject: Re: How to Calculate Signatures?
References: <20050404043638.42B3F57EBA@finney.org> <42515A30.3060204@systemics.com> <3f5a429b03ed3a28992f269562b05eff@callas.org>
In-Reply-To: <3f5a429b03ed3a28992f269562b05eff@callas.org>
X-Enigmail-Version: 0.89.6.0
X-Enigmail-Supports: pgp-inline, pgp-mime
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>
Content-Transfer-Encoding: 7bit

Jon Callas wrote:
> 
>>
>> So the analysis needs to question not only the risks
>> but also the costs and benefits.
>>
>> The number of people who need to have DSA and keep
>> using their existing keys for signatures seems to be
>> quite small.  In order for these people to benefit,
>> they must be able to create the sigs, and everyone
>> else must be able to at least read the sigs.  So
>> any change will take a year or two to filter through
>> until there is wide enough distribution of verification,
>> and during that time, I suspect the slow uptake will
>> be over taken by events.
>>
>>
> 
> Yup. And the same thing applies to V3 keys as well. I've had vocal 
> complaints from people about their V3 key and how they're upset about 
> losing whatever trust issues there are from it being a decade or more old.

So what's wrong with signing your V4 key with your V3 key and moving on?

Cheers,

Ben.

-- 
http://www.apache-ssl.org/ben.html       http://www.thebunker.net/

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff

v2.23.0 | Report a Bug | By Email