deltachat / deltachat-core

Delta.Chat C-Library with e2e chat-over-email functionality & Python bindings
https://c.delta.chat

Allow to regenerate autocrypt key #399

Open hpk42 opened 5 years ago

hpk42 commented 5 years ago

right now i am in the situation that i'd like to change my key for my delta account but i also don't want to have lots of unreadable mail. Autocrypt does not yet provide a mechanism for key rotation. Maybe i get to discuss this at the upcoming OpenPGPSummit with @dkg @valodim @azul ...

For Delta i guess:

azul commented 5 years ago

@hpk42 why do you want to replace your key? In some scenarios changing the current key might also be an option:

As long as the key used for certifying the other keys stays the same there's no need to replace the entire key.

hpk42 commented 5 years ago

to be honest -- my current key has a random uid and my mutt-setup is still not happy with that (lack of muacrypt/mutt integration, really) and so i thought i'd like to quickly change my key but don't want the disruption. So it has no real security reasons -- let's just say i am "for some reason" unhappy with my current key :)

azul commented 5 years ago

@hpk42 you can also add a new uid and revoke the old one. That way you keep the same fingerprint and all. No idea how delta stores your key. But maybe the setup message flow could be used to inject the updated version of the key into delta.

hpk42 commented 5 years ago

On Thu, Oct 18, 2018 at 04:41 -0700, azul wrote:

> @hpk42 you can also add a new uid and revoke the old one. That way you keep the same fingerprint and all. No idea how delta stores your key. But maybe the setup message flow could be used to inject the updated version of the key into delta.

yes -- i am sure i could hack up something.

But the general question of (howto) sending key updates remains. The most general flow is to provide a complete new key, for example if you are unsure (or if you are certain) that your old private key was compromised/leaked.