Nathan (gemsling) wrote,

OpenPGP: seeking signers and guidance on revocation

To revoke or not to revoke? That is the question.

For someone who practically never uses OpenPGP, I'm spending a lot of time thinking about the management of my GnuPG keys. I just installed Mac GPG so that I can verify's warrant canary.

I then created a keypair, as I never used my previous one and thought a fresh start would be good. But then I found my old one on, so...

- Do I revoke the old one and upload the new one?
- Or do I delete the new one and use the old one?

If I revoke, the old key and its revocation will still be visible. There's nothing wrong with this, but it feels messy to me. But if I don't revoke, I don't get a nice fresh start with a carefully managed secret key. While I have no reason to think that anyone else might have my old secret key, it has ended up in several places over the last three years, due to my occasional, unstructured backups.

If you've read this far, you might be bored, or you might use OpenPGP yourself. If the latter is true and you know me personally, would you be willing to sign my public key (once I choose which one to use)?
Tags: tech
