"Lucky Green" <shamrockat_private> writes: > In light of the above, I reluctantly revoked all my personal 1024-bit > PGP keys and the large web-of-trust that these keys have acquired over > time. And this is certainly the wrong thing to do. Key revocations are not the proper way to deal with algorithmic weaknesses. Many people will follow your advice and destroy large parts of the web of trust, and we don't even know yet if there's a real threat (Bernstein himself said so a few weeks ago, for example). You don't revoke your keys just because someone can impersonate you, using bugs in a widespread OpenPGP implementation, do you? -- Florian Weimer Weimerat_private-Stuttgart.DE University of Stuttgart http://CERT.Uni-Stuttgart.DE/people/fw/ RUS-CERT +49-711-685-5973/fax +49-711-685-5898
This archive was generated by hypermail 2b30 : Thu Mar 28 2002 - 11:24:38 PST