I just uploaded my PGP Key because Cyrus mentioned that I didn't have one my web page. It's quite an old key that I created in 1997. The good thing is that it's signed by many people. The bad thing is that since it has been sitting around for a long time, It's more likely to have been stolen. So I'm trying to figure out whether I should dump the key and start using a new one. I have made a new one, but no one has signed it and I never end up using it. It's also kind of a pain for people when you have multiple keys...
PGP Key »
Joichi Ito
Dec 16, 2002 - 07:14 UTC »
Categories:
Cite
✖
Cite
-
APAIto, J. (2002, December 16). PGP Key. Joi Ito's Web [Blog post]. https://joi.ito.com/weblog/2002/12/16/pgp-key.html
-
MLAIto, Joichi. “PGP Key.” Joi Ito's Web, 16 December 2002 https://joi.ito.com/weblog/2002/12/16/pgp-key.html. Accessed 5 Sep 2025
-
Chicago (CMS)Ito, Joichi. “PGP Key.” Joi Ito's Web (Blog), December 16, 2002, https://joi.ito.com/weblog/2002/12/16/pgp-key.html
-
HarvardIto, J. (2002). PGP Key. Joi Ito's Web. https://joi.ito.com/weblog/2002/12/16/pgp-key.html
-
VancouverIto J. PGP Key. Joi Ito's Web [Internet]. 2002 Dec 16; Available from: https://joi.ito.com/weblog/2002/12/16/pgp-key.html
-
Bibtex
@online{Ito2002PGPKey, author = {Ito, Joichi}, title = {{PGP Key}}, journal = {Joi Ito's Web}, type = {Blog}, url = {https://joi.ito.com/weblog/2002/12/16/pgp-key.html}, urldate = {2025-09-05}, date = {2002-12-16}, year = {2002}, month = {Dec}, day = {16} }
2 Comments
Recent Posts
- True North Between the Dragons
- No mud, no lotus
- Using High Dynamic Range (HDR) iPhone Footage in Premiere Pro 2.3.2
- web3 in Japan
- The World Is Complex. Measuring Charity Has to Be Too
- Is philanthropy a bad excuse for limiting strong government?
- Impact Investment Metrics and Their Limitations
- Space Exploration and the Age of the Anthropocosmos
- It's OK That Amazon Will (Likely) Get the .amazon Domain
- Optimize Algorithms to Support Kids Online, Not Exploit Them
Make dated announcement of key transition, including both old and new public keys.
Sign key transition announcement with both old and new private keys, seeding new key with trust from old key.
Any compromisers of old key must now advertise their key fork. Conflict resolution for competing new keys (real vs fake) can be done with your physical appearance at key signing event for new key, where other public "trusted" keys sign new key (and implicitly, the "real" key transition).
Some people can address old key, but they now accept risk, due to your dated public announcement of transition from old key to new key.
Other people can address new key. Their risk acceptance depends on their verification of transition from old key to new key.
Your prior correspondent is right on the mark. I am going through this as well, and have decided that a regular ritual of key cleanup is just as important as doing backups. (Of course, that probably means that neither will ever get done...but that's another story.)
Joi, those of us who care enough to use the tool will be happy to reestablish your "web of trust" for the new key.
Having just watched "Diamonds are Forever" for the first time in a long while, I have become somewhat more paranoid about impersonators though.
[Remove the capital letters for a valid mail address.]