On Wed, Jul 25, 2012 at 03:13:11PM +0100, mick wrote:
Now that /is/ much more likely and a worrying scenario. But there are a couple of ways around this. Firstly, the transition statement should not seek signatures. Signatures for the new key should be obtained off-line in a secure manner. Secondly, if some reason, signatures for the new key must be obtained in a sub-optimal manner, then the transition statement should say something like: "Signers of my old key are invited to sign the new key once they have satisfied themselves that I am indeed the owner of this new key. Please note, that using either old or new key to verify my identity may be insufficient evidence if the old keys have been compromised."
I am in favour of transition statements in general, the bit I object to is those which ask signers of the old key to sign the new key based only upon the transition statement. So I think at this point we're in agreement.
J.