Enzo wrote: > Hmmm... I see that the new 4096-bit super-duper key, besides > its own (which doesn't prove much), only bears the signatures > of the now revoked -as potentially compromised- old keys > 0x375AD924 and 0xEEE8CFF3, plus 0x06757D2D (which turns out > to be a 1024-bit DSA key) and 0x50C0FEA7 (a lowly 2048-bit > RSA legacy key)... > > Are you really our Lucky, or the NSA proving our worst fears > founded? ;-)
Oh, the curse of having to revoke a key that accumulated years of WOT signatures... My new pub key has since acquired a few signatures. You can always get the latest version of my key by fingering [EMAIL PROTECTED] or via LDAP from ldap://pgp.surfnet.nl:11370 (also known as europe.keys.pgp.com, though this alias may not last much longer given that it seems that the canonical PGP keyserver at keyserver.pgp.com appears to already have ceased operations in the wake of NAI placing PGP into "maintenance mode". At least I have been unable to connect to that server for several days now. YMMV). No, my new key will not interoperate with PGP 1.0, Bass-O-Matic, or similarly outdated versions of PGP. Readers of this post are discouraged from contacting me to inform me of this fact. I an well aware of it and couldn't care less. Few, if any, programs that I use today would run on the Macintosh DUO 230 on which I generated my first 1024-bit PGP key back when I was an alpha tester for PGP 2.0. Thanks to Moore's Law, my first-ever 1024-bit key took a hell of a lot longer to generate on what was then a brand new machine than it took to generate my new 4096-bit PGP key on the old K6-333 that I used a few days ago to generated not only my new PGP key, but various 4096-bit SSH keys for good measure. My suggestion would be to use the time saved by not sending me such an email to upgrade your version of PGP instead. The key has been tested to work fine with the current release versions of PGP for Windows and Mac as well as GnuPG for UNIX and I presume Windows, though I haven't tested GnuPG on Windows. Those of you that know me are very much encouraged to contact me to verify the fingerprint of my new key. If you have my personal mobile phone number, just call. If you don't, email me for the number. Since I would rather not post it to a public mailing list. --Lucky --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]