On Mon, Feb 9, 2015 at 5:13 PM, elijah <[email protected]> wrote: > > (3) We need common practices for "verified key transitions".
Do you mean this: - When you replace your long-term key, the old key signs the new (and maybe vice versa)? - When someone presents their new key with correct signatures, you silently replace the old one in your local trust store (no key change warning) I wonder how useful that is. Consider the reasons for key replacement: 1) You lost your old key 2) You're proactively replacing your old key 3) Your old key was compromised This doesn't help (1). It avoids the warning in (2), but adds complexity - a public key no longer matches one fingerprint, now it can be verified by any fingerprint that chains to it. So your protocols have to deal with these chains, and users will encounter situations where they had one fingerprint for Alice before talking to her, and a different one after. (3) arguably becomes worse, because someone who steals your private key can silently replace the public key your correspondents have for you, just by messaging them. I'm not sure this is a net positive. Trevor _______________________________________________ Messaging mailing list [email protected] https://moderncrypto.org/mailman/listinfo/messaging
