Well GPG to be more accurate 😉 As my existing key was set to expire at the end of this year I have issued myself a brand new one! After much though I finally decided that creating a new key from scratch was the best idea, rather than simply adding a new subkey, because I wanted to move away from DSA/ElGamal toward RSA primarily because of the weakening of SHA1. If this all sounds like gibberish to you then don’t worry, the details aren’t nearly as important as the security provided by my new key.
Well its almost time for me to create a new PGP key. My current key for tyler at tylerburton dot ca is set to expire at the end of the year and I am trying to determine what the best way to migrate to a new key is. Some people suggest simply adding a new encryption sub key and then changing the original signing key’s expiry date so that individuals wishing to verify your signatures can continue to do so uninterrupted.
In the world of computers interoperability is key. If I send you an e-mail from my machine I should hope that you’re e-mail client would be able to read it. This is why we have standards. Standards are a good thing. They allow people to focus on improving performance and driving down costs instead of splintering user base and polluting the world with… less than elegant designs. But what if relying on a single standard is not the correct way to do things either?