[conspire] Fwd: Offering GPG/PGP Workshop at CABAL
rick at linuxmafia.com
Tue May 13 21:12:00 PDT 2008
Quoting David Fox (dfox94085 at gmail.com):
> This might be a good time because there's a security vulnerability in
> Debian's openssl, may be a good idea to regenerate keys.
> And after reading Rick's writeup on gpg I jumped the gun a bit. I
> noticed that my keys were last generated back in 2005 and have not
> used them hardly at all.
> But my email address changed, and that's one reason to change the key.
> But I couldn't revoke, because I couldn't remember the passphrase I
> used 3 years ago!
1. The security advisory doesn't cover GnuPG or PGP, since those
programs don't in any way use OpenSSL-generated keys.
2. If it _had_ used OpenSSL-generated keys, you'd still be OK with keys
generated in 2005, because the affected OpenSSL versions came out
starting in September 2006.
More information about the conspire