-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1,SHA256

Monday, 22 March, 2010

After a prolonged period of procrastination, I have decided to retire the PGP keys which I have been using. The keys are now 8 years old, and were created as 1024-bit DSA keys using SHA-1 hashing. Due to the increasing concerns about the vulnerability of SHA-1, and the questionable long-term security of 1024-bit keys, I've decided to make the jump to a longer key with stronger hashing and with embedded photo IDs.

I'm actually doing this for two keys at the same time: I'm revising both my "at home, personal use" key, and the key I use at work.

I've posted the new keys to various keyservers, and will begin using them effective 23 March 2010. I will revoke my old keys on the same day.

----------

OLD KEYS

pub   1024D/7AE65C23 2001-12-18 Dave Platt
      Primary key fingerprint: 9916 8345 628D 9ED2 9482  B03E 797C 0A86 7AE6 5C23

pub   1024D/B8F39DB5 2001-12-18 Dave Platt
      Primary key fingerprint: E807 F9E5 D249 EADD 2178  40B0 D123 4F4A B8F3 9DB5

----------

NEW KEYS

pub   4096R/EC653072 2010-03-22 Dave Platt
      Primary key fingerprint: 9376 7455 D7EE 108E 4EB5  0ABA 5805 6F51 EC65 3072

pub   4096R/852CCE85 2010-03-22 Dave Platt
      Primary key fingerprint: E977 9AC5 2DFC 3240 B11F  2BFA 0283 F90F 852C CE85

----------

I have signed each of the new keys with the other new key, as well as with both of my old keys.

To fetch all of my keys (both old and new versions), their current sets of signatures, and the photo-ID UIDs in the new keys, you may do the following:

    wget -q -O- http://www.radagast.org/~dplatt/dplatt.pgp | gpg --import -

Or, you can fetch the key file using a web browser at

    http://www.radagast.org/~dplatt/dplatt.pgp

or

    http://www.radagast.org/~dplatt/dplatt.asc

and then import it into the PGP-compatible program of your choice.

You can fetch the new keys from a public keyserver (although some keyservers are said to strip out the photo ID):

    gpg --recv-key EC653072
    gpg --recv-key 852CCE85

You can check the signatures:

    gpg --check-sigs EC653072
    gpg --check-sigs 852CCE85

You can check the key fingerprints against the ones shown above:

    gpg --fingerprint EC653072
    gpg --fingerprint 852CCE85

If you're satisfied that these keys are legitimate, that I am who I say I am, and that I am actually in control of both these keys and of the email addresses associated with them, I'd appreciate it if you would sign either or both of my new keys using your own PGP keys.

The securest procedure is:

- Verify my identity to your satisfaction
- Verify the fingerprints on the key you are going to sign
- Sign the key
- Export the key with the new signature(s) to a disk file.
- Email me the signed key, encrypting it using the new PGP key.
- Delete the signature from your keyring

When I get your email, I'll decrypt it, import the signature into my own key-ring, and then re-publish my key with the added signature. This procedure (although a bit slow and clumsy) helps ensure that I'm truly in control of both my email address and of the PGP key in question.

Please feel free to phone me at TiVo (+1 408 519 9182) if you'd like me to confirm the fingerprint on any of these keys, or if you wish to arrange an "eyeball QSO" (face-to-face meeting) to verify identities. I'll be glad to make it a reciprocal meeting, checking your ID and key fingerprint and then signing your key.

Oh... I'm also a CACert.org identity assurer, and can issue "assurance points" which can be applied towards a free SSL certificate. See http://www.cacert.org/ for information on how this works.

Best regards,
Dave Platt

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

-----END PGP SIGNATURE-----
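
Added example, not part of the signed message above and not the author's own script: a scripted form of the "verify the fingerprints" step, comparing the primary fingerprint in gpg's machine-readable listing with the NEW KEYS values published above. The function names and the sample listing are constructed for illustration; check_key assumes gpg is installed and the key has already been imported.

```shell
#!/bin/sh
# Fingerprints copied from the NEW KEYS list in the announcement.
NEW_FPR_1="9376 7455 D7EE 108E 4EB5 0ABA 5805 6F51 EC65 3072"
NEW_FPR_2="E977 9AC5 2DFC 3240 B11F 2BFA 0283 F90F 852C CE85"

# Constructed sample of `gpg --with-colons --fingerprint` output
# (key IDs of the subkey and all timestamps are made up).
SAMPLE_LISTING='pub:-:4096:1:58056F51EC653072:1269216000:::-:::scESC:
fpr:::::::::93767455D7EE108E4EB50ABA58056F51EC653072:
uid:-::::1269216000::0000::Dave Platt (constructed sample):
sub:-:4096:1:0123456789ABCDEF:1269216000::::::e:
fpr:::::::::0000000000000000000000000000000000000000:'

# Strip the grouping spaces gpg prints for humans and upper-case the hex.
normalize_fpr() {
    printf '%s' "$1" | tr -d ' \t\n' | tr 'abcdef' 'ABCDEF'
}

# Read a colon listing on stdin and print the fingerprint of every
# primary key: the fpr record that directly follows a pub record.
# Subkey fingerprints (fpr after sub) are ignored.
primary_fprs() {
    awk -F: '$1 == "pub" { want = 1; next }
             $1 == "fpr" && want { print $10; want = 0; next }
             $1 == "sub" { want = 0 }'
}

# fpr_matches EXPECTED < listing
# Succeeds only if the listing holds exactly one primary key and its
# full fingerprint equals EXPECTED. Two keys sharing the same short
# key ID yield two lines here, so the comparison fails.
fpr_matches() {
    expected=$(normalize_fpr "$1")
    found=$(primary_fprs)
    [ -n "$found" ] && [ "$found" = "$expected" ]
}

# check_key KEYID EXPECTED: run the comparison against the local keyring.
check_key() {
    gpg --batch --with-colons --fingerprint "$1" 2>/dev/null | fpr_matches "$2"
}

# Typical use before signing:
#   check_key EC653072 "$NEW_FPR_1" && echo "fingerprint matches"
```

The 8-digit IDs passed to --recv-key select a key but do not authenticate it; the full 40-digit fingerprint comparison is what ties the imported key to the announcement.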