On Wed, Jul 18, 2012 at 05:39:50PM +0100, Richard Parsons wrote:
> On Mon, Jul 16, 2012 at 03:11:04PM -0700, Jonathan McDowell wrote:
> > On Mon, Jul 16, 2012 at 10:54:11PM +0100, Steve Engledow wrote:
> > > I've signed it with my old key and signed this email with my old key so that should be enough for you to trust it.
> > > If not, here's a block of text which I've signed with the new key :)
> >
> > How does that convince me that your old key hasn't been compromised and the person who now has control of it isn't trying to present a new key as "you" that you then can't read?
>
> Would Stilvoid's logic be sufficient if you had previously trusted the old key? Yes, the original key could have been compromised, but then I trusted that already. So if I trust a new key, which he has signed with the old key, then I don't think I'm extending my trust any further than it already was, right?

But you are potentially affecting other people's trust. I want to send something to Stilvoid, but haven't signed any of his keys. I've signed yours. I see 2 keys for Stilvoid, one of which is signed by you and the other isn't, so I use the one I have a path to. If you've signed both I pick the stronger key. Suddenly I've sent Stilvoid something he can't read, but the attacker can.
If the attacker doesn't actually have the old key but was able to get it to sign the new key + transition statement then, even worse, the attacker can now read something they otherwise couldn't.
Yes, I'm getting a bit convoluted but I just don't feel entirely comfortable with transition statements that ask you to do the re-signing on the new key.
J.
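
The key-selection scenario from the message above, as an added example that is not part of the original thread: a simplified web-of-trust model in which a single certification from a trusted introducer makes a key valid. The key names, key sizes, the "larger key is stronger" rule and the `valid_keys`/`choose_key` helpers are assumptions made for illustration.

```python
# Constructed sample keys (ids and sizes are illustrative, not from the thread).
KEYS = {
    "sender": ("Sender", 2048),
    "richard": ("Richard", 2048),
    "old": ("Stilvoid", 1024),
    "new": ("Stilvoid", 4096),
}


def valid_keys(certs, me, introducers):
    """Keys `me` treats as valid: its own key, plus any key certified by a
    valid key that `me` trusts as an introducer (simplified: one signature
    is enough). `certs` is a list of (signer, signed) pairs."""
    valid = {me}
    changed = True
    while changed:
        changed = False
        for signer, signed in certs:
            if signer in valid and signer in introducers and signed not in valid:
                valid.add(signed)
                changed = True
    return valid


def choose_key(certs, me, introducers, uid):
    """Policy from the message: use a key for `uid` that has a trust path;
    if more than one does, pick the stronger (here: larger) key."""
    valid = valid_keys(certs, me, introducers)
    candidates = [k for k in valid if KEYS[k][0] == uid]
    return max(candidates, key=lambda k: KEYS[k][1], default=None)


# The sender has signed Richard's key and trusts Richard's certifications,
# but has not signed (or assigned trust to) either Stilvoid key.
INTRODUCERS = {"sender", "richard"}
BEFORE = [("sender", "richard"), ("richard", "old")]
TRANSITION = BEFORE + [("old", "new")]        # old key certifies the new key
RESIGNED = TRANSITION + [("richard", "new")]  # Richard re-signs as requested


def scenario():
    """Which Stilvoid key the sender encrypts to at each stage."""
    return {
        name: choose_key(certs, "sender", INTRODUCERS, "Stilvoid")
        for name, certs in (("before", BEFORE),
                            ("transition", TRANSITION),
                            ("resigned", RESIGNED))
    }
```

In this model the old key's signature on the new key changes nothing for the sender; the choice only switches to the new key once Richard re-signs it, which is the step the message is uneasy about.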