[Gpg4win-users-en] WKD for OpenPGP certificate "Intevation File Distribution Key <distribution-key at intevation.de>"

Andre Heinecke aheinecke at gnupg.org
Mon Aug 5 14:17:18 CEST 2019


Hi,

On Monday 5 August 2019 13:32:33 CEST Thomas Arendsen Hein wrote:
> Andre, do you think it would be helpful to keep old keys available
> via WKD? If yes, either the WKD RFC needs to be adjusted (which
> possibly can be helpful for people having multiple keys, too, e.g.
> ed25519 and a more compatible fallback rsa3072 key, or during key
> rollover when emails are still signed with the old key, but a new
> key already is available) or we need to use different email
> addresses, e.g. distribution-key+2016 at ... for a key generated in
> 2016.

No, since 2019 Gpg4win no longer signs using the old key and I think since 2016 
we signed with both keys to deprecate the old one, so I think just having the 
new key available is completely fine. E.g. if we were to roll over to a new key 
I would sign for some time using both keys but then I would only want to 
publish the new, stronger key.

The old key is still used by some "historic" apt repositories that Intevation 
still publishes, so it should not be revoked.


Best Regards,
Andre

-- 
GnuPG.com - a brand of g10 Code, the GnuPG experts.

g10 Code GmbH, Erkrath/Germany, AG Wuppertal HRB14459
GF Werner Koch, USt-Id DE215605608, www.g10code.com.

GnuPG e.V., Rochusstr. 44, D-40479 Düsseldorf.  VR 11482 Düsseldorf
Vorstand: W.Koch, M.Gollowitzer, A.Heinecke.    Mail: board at gnupg.org
Finanzamt D-Altstadt, St-Nr: 103/5923/1779.   Tel: +49-2104-4938799