I was going through some ancient backups and came across my original PGP 2.X 
keys from way back in the day.  Back then, many of us worked hard to collect 
signatures to establish a web of trust.  Of course this was ages ago now and as 
things have evolved, I’m now using newer keys.  I’m not sure why this hadn’t 
occurred to me until now, but in migrating to newer keys, all those old 
signatures were lost.  To be fair, I’m sure that most of those signatures could 
no longer be validated anyway since I’m sure everyone has moved on, but it got 
me thinking about the web of trust: Is that something people really even focus 
on any more? Also, how can the web of trust remain intact when there will 
inevitably come a time when key structures/algorithms will change again and 
people will need to generate new keys?  What about key expiration, wouldn’t 
that cause a person to essentially have to start over with gathering signatures 
for new keys, or otherwise re-establishing trust?

I’m sure I’m missing something very basic, but would really appreciate any 
thoughts or explanation.  

Thanks in advance,

Steve


_______________________________________________
Gnupg-users mailing list
[email protected]
https://lists.gnupg.org/mailman/listinfo/gnupg-users
