Re: [mentors] Keysign request
also sprach Taral (on Tue, 03 Jul 2001 01:21:56PM -0500): > Is there anyone in the Austin, TX area who would be able to get together > this month to sign my new key (old one is expiring)? um, can't you just change the expiration date and keep all signatures? martin; (greetings from the heart of the sun.) \ echo mailto: !#^."<*>"|tr "<*> mailto:"; [EMAIL PROTECTED] -- a life? where can i download that? pgpdF0lQiAC8Q.pgp Description: PGP signature
Re: [mentors] Keysign request
On Tue, Jul 03, 2001 at 08:27:49PM +0200, Martin F. Krafft wrote: > also sprach Taral (on Tue, 03 Jul 2001 01:21:56PM -0500): > > Is there anyone in the Austin, TX area who would be able to get together > > this month to sign my new key (old one is expiring)? > > um, can't you just change the expiration date and keep all signatures? No. Changing the expiration date invalidates the signatures. -- Taral <[EMAIL PROTECTED]> (This message is digitally signed. Please encrypt mail if possible.) "Any technology, no matter how primitive, is magic to those who don't understand it." -- Florence Ambrose pgpGIN1V32C6W.pgp Description: PGP signature
Re: [mentors] Keysign request
On Tue, Jul 03, 2001 at 01:41:44PM -0500, Taral wrote: > On Tue, Jul 03, 2001 at 08:27:49PM +0200, Martin F. Krafft wrote: > > also sprach Taral (on Tue, 03 Jul 2001 01:21:56PM -0500): > > > Is there anyone in the Austin, TX area who would be able to get together > > > this month to sign my new key (old one is expiring)? > > > > um, can't you just change the expiration date and keep all signatures? > > No. Changing the expiration date invalidates the signatures. I have changed my expiration date since getting signatures, and I can't get gpg to say the signatures are invalid. -- Harry Henry Gebel West Dover Hundred, Delaware GPG encrypted email gladly accepted. Key ID: B853FFFE Fingerprint: 15A6 F58D AEED 5680 B41A 61FE 5A5F BB51 B853 FFFE pgpggJQzKtinG.pgp Description: PGP signature
Re: [mentors] Keysign request
also sprach Taral (on Tue, 03 Jul 2001 01:41:44PM -0500): > On Tue, Jul 03, 2001 at 08:27:49PM +0200, Martin F. Krafft wrote: > > also sprach Taral (on Tue, 03 Jul 2001 01:21:56PM -0500): > > > Is there anyone in the Austin, TX area who would be able to get together > > > this month to sign my new key (old one is expiring)? > > > > um, can't you just change the expiration date and keep all signatures? > > No. Changing the expiration date invalidates the signatures. does it? [some lines omitted for brevity - operation on backup copy] fishbowl:~> gpg --edit-key 330c4a75 pub 1024D/330C4A75 created: 2001-06-20 expires: 2002-06-20 trust: sub 2048g/D99FEE8D created: 2001-06-20 expires: 2002-06-20 (1). Martin F. Krafft <[EMAIL PROTECTED]> Command> check uid Martin F. Krafft <[EMAIL PROTECTED]> sig! 330C4A75 2001-06-20 [self-signature] sig! 888354F7 2001-07-02 Richard Atterer <[EMAIL PROTECTED]> Command> expire Key is valid for? (0) 2y Key expires at Thu Jul 3 20:49:57 2003 CEST Is this correct (y/n)? y pub 1024D/330C4A75 created: 2001-06-20 expires: 2003-07-03 trust: sub 2048g/D99FEE8D created: 2001-06-20 expires: 2002-06-20 (1). Martin F. Krafft <[EMAIL PROTECTED]> Command> check uid Martin F. Krafft <[EMAIL PROTECTED]> sig! 330C4A75 2001-07-03 [self-signature] sig! 888354F7 2001-07-02 Richard Atterer <[EMAIL PROTECTED]> don't tell me i am just not getting this GPG/PGP business again. but maybe someone can tell me what the subkey (D99FEE8D) is? that's for encryption, right? that's not signed by anyone anyway, is it? cause i don't seem to be capable of changing the expiration date on that one. and besides, i noticed a lot of the keys on debian users are with expiration dates. that's a good thing (tm). but judging from the wast amounts of signatures some people have collected, i doubt that process takes place every year, again and again... martin; (greetings from the heart of the sun.) \ echo mailto: !#^."<*>"|tr "<*> mailto:"; [EMAIL PROTECTED] -- the young lady had an unusual list, linked in part to a structural weakness. she set no preconditions. pgpJP6zzqWIE0.pgp Description: PGP signature
Re: [mentors] Keysign request
On Tue, Jul 03, 2001 at 08:57:08PM +0200, Martin F. Krafft wrote: > Command> expire > Key is valid for? (0) 2y > Key expires at Thu Jul 3 20:49:57 2003 CEST > Is this correct (y/n)? y You are quite correct. Changing the expiry only requires recalculation of the self-signature, not all signatures. However, this updated key conflicts with the existing key on the keyservers. I don't really want to do that. I'd prefer to get my new key signed. Anyone? -- Taral <[EMAIL PROTECTED]> (This message is digitally signed. Please encrypt mail if possible.) "Any technology, no matter how primitive, is magic to those who don't understand it." -- Florence Ambrose pgpzGVeFcQZO0.pgp Description: PGP signature
Re: [mentors] Keysign request
On Tue, Jul 03, 2001 at 04:59:03PM -0500, Taral wrote: > > I'd prefer to get my new key signed. Anyone? you should be able to sign the new key with the old key to get it into the keyring. -john
Re: [mentors] Keysign request
On Tue, Jul 03, 2001 at 04:59:03PM -0500, Taral wrote: > You are quite correct. Changing the expiry only requires recalculation > of the self-signature, not all signatures. However, this updated key > conflicts with the existing key on the keyservers. I don't really want > to do that. Can't you just upload the new key to the keyserver? keyring.debian.org is the place to send changes to keys already in the keyring. You might also want to update your key on pgpkeys.mit.edu if a copy is to be found there. - Jimmy Kaplowitz [EMAIL PROTECTED] pgpbpglJKVwtD.pgp Description: PGP signature
Re: [mentors] Keysign request
On Tue, Jul 03, 2001 at 08:57:08PM +0200, Martin F. Krafft wrote: > cause i don't seem to be capable of changing the expiration date on > that one. Hi Martin, I'm not so sure about it, but try: $ gpg --edit-key YOUR-KEY-ID Command> key 1 Command> expire Changing expiration time for a secondary key. <-- Please specify how long the key should be valid. ... that seems to change the expiration date of your secondary key. Bye, Pedro pgpwbYyAfHLGx.pgp Description: PGP signature
Re: [mentors] Keysign request
On Tue, Jul 03, 2001 at 08:57:08PM +0200, Martin F. Krafft wrote: > also sprach Taral (on Tue, 03 Jul 2001 01:41:44PM -0500): [snip] > > No. Changing the expiration date invalidates the signatures. > > does it? [snip] > Command> check > uid Martin F. Krafft <[EMAIL PROTECTED]> > sig! 330C4A75 2001-06-20 [self-signature] > sig! 888354F7 2001-07-02 Richard Atterer <[EMAIL PROTECTED]> No problem, my key is on the key servers anyway! :-) > but maybe someone can tell me what the subkey (D99FEE8D) is? that's > for encryption, right? that's not signed by anyone anyway, is it? > cause i don't seem to be capable of changing the expiration date on > that one. You can, you only need to know how to select it; with "key 1". ;-) > and besides, i noticed a lot of the keys on debian users are with > expiration dates. that's a good thing (tm). but judging from the > wast amounts of signatures some people have collected, i doubt that > process takes place every year, again and again... IMHO, expiring encryption keys are a Good Thing. Expiring signature keys are not. Of course, someone could conceivably, /theoretically/ set up a number cruncher to crack your key with that c00l discrete logarithm algorithm they knocked up the other day, and succeed after 3 years -- but the web of trust destroyed by the expiration of your key is a much worse situation, and could allow much more real-life attacks. Hm, now that I try to think this through in detail, it doesn't make sense... why do you have a separate encryption ElGamal key, anyway? Cheers, Richard -- __ _ |_) /| Richard Atterer | CS student at the Technische | GnuPG key: | \/¯| http://atterer.net | Universität München, Germany | 0x888354F7 ¯ ´` ¯ pgpjObyxLYA4x.pgp Description: PGP signature
Re: [mentors] Keysign request
also sprach Taral (on Tue, 03 Jul 2001 01:21:56PM -0500): > Is there anyone in the Austin, TX area who would be able to get together > this month to sign my new key (old one is expiring)? um, can't you just change the expiration date and keep all signatures? martin; (greetings from the heart of the sun.) \ echo mailto: !#^."<*>"|tr "<*> mailto:"; net@madduck -- a life? where can i download that? PGP signature
Re: [mentors] Keysign request
On Tue, Jul 03, 2001 at 08:27:49PM +0200, Martin F. Krafft wrote: > also sprach Taral (on Tue, 03 Jul 2001 01:21:56PM -0500): > > Is there anyone in the Austin, TX area who would be able to get together > > this month to sign my new key (old one is expiring)? > > um, can't you just change the expiration date and keep all signatures? No. Changing the expiration date invalidates the signatures. -- Taral <[EMAIL PROTECTED]> (This message is digitally signed. Please encrypt mail if possible.) "Any technology, no matter how primitive, is magic to those who don't understand it." -- Florence Ambrose PGP signature
Re: [mentors] Keysign request
On Tue, Jul 03, 2001 at 01:41:44PM -0500, Taral wrote: > On Tue, Jul 03, 2001 at 08:27:49PM +0200, Martin F. Krafft wrote: > > also sprach Taral (on Tue, 03 Jul 2001 01:21:56PM -0500): > > > Is there anyone in the Austin, TX area who would be able to get together > > > this month to sign my new key (old one is expiring)? > > > > um, can't you just change the expiration date and keep all signatures? > > No. Changing the expiration date invalidates the signatures. I have changed my expiration date since getting signatures, and I can't get gpg to say the signatures are invalid. -- Harry Henry Gebel West Dover Hundred, Delaware GPG encrypted email gladly accepted. Key ID: B853FFFE Fingerprint: 15A6 F58D AEED 5680 B41A 61FE 5A5F BB51 B853 FFFE PGP signature
Re: [mentors] Keysign request
also sprach Taral (on Tue, 03 Jul 2001 01:41:44PM -0500): > On Tue, Jul 03, 2001 at 08:27:49PM +0200, Martin F. Krafft wrote: > > also sprach Taral (on Tue, 03 Jul 2001 01:21:56PM -0500): > > > Is there anyone in the Austin, TX area who would be able to get together > > > this month to sign my new key (old one is expiring)? > > > > um, can't you just change the expiration date and keep all signatures? > > No. Changing the expiration date invalidates the signatures. does it? [some lines omitted for brevity - operation on backup copy] fishbowl:~> gpg --edit-key 330c4a75 pub 1024D/330C4A75 created: 2001-06-20 expires: 2002-06-20 trust: sub 2048g/D99FEE8D created: 2001-06-20 expires: 2002-06-20 (1). Martin F. Krafft <[EMAIL PROTECTED]> Command> check uid Martin F. Krafft <[EMAIL PROTECTED]> sig! 330C4A75 2001-06-20 [self-signature] sig! 888354F7 2001-07-02 Richard Atterer <[EMAIL PROTECTED]> Command> expire Key is valid for? (0) 2y Key expires at Thu Jul 3 20:49:57 2003 CEST Is this correct (y/n)? y pub 1024D/330C4A75 created: 2001-06-20 expires: 2003-07-03 trust: sub 2048g/D99FEE8D created: 2001-06-20 expires: 2002-06-20 (1). Martin F. Krafft <[EMAIL PROTECTED]> Command> check uid Martin F. Krafft <[EMAIL PROTECTED]> sig! 330C4A75 2001-07-03 [self-signature] sig! 888354F7 2001-07-02 Richard Atterer <[EMAIL PROTECTED]> don't tell me i am just not getting this GPG/PGP business again. but maybe someone can tell me what the subkey (D99FEE8D) is? that's for encryption, right? that's not signed by anyone anyway, is it? cause i don't seem to be capable of changing the expiration date on that one. and besides, i noticed a lot of the keys on debian users are with expiration dates. that's a good thing (tm). but judging from the wast amounts of signatures some people have collected, i doubt that process takes place every year, again and again... martin; (greetings from the heart of the sun.) \ echo mailto: !#^."<*>"|tr "<*> mailto:"; net@madduck -- the young lady had an unusual list, linked in part to a structural weakness. she set no preconditions. PGP signature
Re: [mentors] Keysign request
On Tue, Jul 03, 2001 at 08:57:08PM +0200, Martin F. Krafft wrote: > Command> expire > Key is valid for? (0) 2y > Key expires at Thu Jul 3 20:49:57 2003 CEST > Is this correct (y/n)? y You are quite correct. Changing the expiry only requires recalculation of the self-signature, not all signatures. However, this updated key conflicts with the existing key on the keyservers. I don't really want to do that. I'd prefer to get my new key signed. Anyone? -- Taral <[EMAIL PROTECTED]> (This message is digitally signed. Please encrypt mail if possible.) "Any technology, no matter how primitive, is magic to those who don't understand it." -- Florence Ambrose PGP signature
Re: [mentors] Keysign request
On Tue, Jul 03, 2001 at 04:59:03PM -0500, Taral wrote: > > I'd prefer to get my new key signed. Anyone? you should be able to sign the new key with the old key to get it into the keyring. -john -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: [mentors] Keysign request
On Tue, Jul 03, 2001 at 04:59:03PM -0500, Taral wrote: > You are quite correct. Changing the expiry only requires recalculation > of the self-signature, not all signatures. However, this updated key > conflicts with the existing key on the keyservers. I don't really want > to do that. Can't you just upload the new key to the keyserver? keyring.debian.org is the place to send changes to keys already in the keyring. You might also want to update your key on pgpkeys.mit.edu if a copy is to be found there. - Jimmy Kaplowitz [EMAIL PROTECTED] PGP signature
Re: [mentors] Keysign request
On Tue, Jul 03, 2001 at 08:57:08PM +0200, Martin F. Krafft wrote: > cause i don't seem to be capable of changing the expiration date on > that one. Hi Martin, I'm not so sure about it, but try: $ gpg --edit-key YOUR-KEY-ID Command> key 1 Command> expire Changing expiration time for a secondary key. <-- Please specify how long the key should be valid. ... that seems to change the expiration date of your secondary key. Bye, Pedro PGP signature
Re: [mentors] Keysign request
On Tue, Jul 03, 2001 at 08:57:08PM +0200, Martin F. Krafft wrote: > also sprach Taral (on Tue, 03 Jul 2001 01:41:44PM -0500): [snip] > > No. Changing the expiration date invalidates the signatures. > > does it? [snip] > Command> check > uid Martin F. Krafft <[EMAIL PROTECTED]> > sig! 330C4A75 2001-06-20 [self-signature] > sig! 888354F7 2001-07-02 Richard Atterer <[EMAIL PROTECTED]> No problem, my key is on the key servers anyway! :-) > but maybe someone can tell me what the subkey (D99FEE8D) is? that's > for encryption, right? that's not signed by anyone anyway, is it? > cause i don't seem to be capable of changing the expiration date on > that one. You can, you only need to know how to select it; with "key 1". ;-) > and besides, i noticed a lot of the keys on debian users are with > expiration dates. that's a good thing (tm). but judging from the > wast amounts of signatures some people have collected, i doubt that > process takes place every year, again and again... IMHO, expiring encryption keys are a Good Thing. Expiring signature keys are not. Of course, someone could conceivably, /theoretically/ set up a number cruncher to crack your key with that c00l discrete logarithm algorithm they knocked up the other day, and succeed after 3 years -- but the web of trust destroyed by the expiration of your key is a much worse situation, and could allow much more real-life attacks. Hm, now that I try to think this through in detail, it doesn't make sense... why do you have a separate encryption ElGamal key, anyway? Cheers, Richard -- __ _ |_) /| Richard Atterer | CS student at the Technische | GnuPG key: | \/¯| http://atterer.net | Universität München, Germany | 0x888354F7 ¯ ´` ¯ PGP signature
