-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256,SHA1

2009-08-01 17:10:00+02:00

I've recently set up a new RSA-based GPG key, and will be transitioning
away from my old DSA-based one. The old key will continue to be valid
for some time, but I prefer all future correspondence to use the new
one. I would also like to ensure that this new key is well-integrated
into the web of trust. This message is signed by both keys to certify
the transition.

The old DSA key was:

pub   1024D/66A90DE2 2004-08-03
      Key fingerprint = 4491 BB79 CD5A D94A 6681  4B0C 9AA5 51D9 66A9 0DE2

The new RSA key is:

pub   4096R/A1DE50E9 2009-08-01
      Key fingerprint = C3C7 AB73 05C8 5849 C4BE  8BE8 5E08 AFD2 A1DE 50E9

To fetch my new key from a public key server, you can run:

  gpg --keyserver subkeys.pgp.net --recv-keys A1DE50E9

If you already know my old key, you can now verify that the new key is
signed by the old one:

  gpg --check-sigs A1DE50E9

If you don't already know my old key, or if you're extra-paranoid, you
can check the fingerprint against the one given above:

  gpg --fingerprint A1DE50E9

If you have previously signed my old DSA key, and if you're satisfied
that you've got the correct new RSA key, then I'd appreciate it if you
would sign my new key as well:

  caff A1DE50E9

The caff program is in the signing-party package in Debian. Please be 
careful to generate signatures that don't rely on the weakening 
SHA-1 hash algorithm, which requires some careful configuration even 
if you've already configured gpg correctly. See 
http://www.gag.com/bdale/blog/posts/Strong_Keys.html for the gory details.

Thanks,

- - -- 
José L. Redrejo Rodríguez                          [jredrejo@debian.org]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iQIcBAEBCAAGBQJKdF8XAAoJEF4Ir9Kh3lDpegoP+wYFcztYL9cpSv3B7Xx513aO
aHvOLx5wwqNahmrvigZIXRmfHjajYg/O9ZpxHDXEuxkAagIZl/Pg2dEOZSNGZHZj
E3IPpeLjTWcqT4oocKZT95fvMfvFwxw3JsXozoZECFnxG2QqnWGwN9yzM6mPMSD1
068vAOZ2iMTl4D1bJ9MZHOAxhZO7QpgccmLcpu3upv9pwz8bHRCAkhp+w+997S0x
taim/L/cxwZvxHcQCZ8aGgCnCOQotmFjm6eRC9XBAnSQqrbp0bkAK9p8nYJqau5H
GoNfmEYjIoFSBm2JInQ2gPyL+//N7PnhKt1w+mDVIwLDqdVmAXXX23jjkbEP5N6z
zZiWgORF3pxyF3Eha9YQeMNdtooB2JmTWUgOM7yUColXwWXfHYVZOqNK9JXwq5Ih
VV4Ii0fnufqfhRdh2F/GTwivpLdyQQSFmU0lblm9DuULsK2uQMewzS6kXXu76T74
WVSqm5FD3a2Qih6GzVTI970Kqvp8SBVhgstlXM0X/BddalcylFJWVYY+X9Cxn8bM
Je1yH9Am/ol++rr4aYv0ykKSSbRD87HROGOJ0OeH/q+hjRh1qFDFtnGtgu8ldhUa
5e1wH2dTI/F/4/icAX70WCK41JxuszxL0bH50SK1jJOAgJgKd5OpVCthktOJtIf/
LyJhDxeFDBTJizk9pjRuiEYEARECAAYFAkp0XxcACgkQmqVR2WapDeLj6QCePVUx
1exh1yTV6EGdMoD2uQXSGLAAn14QH/nIIe6SWk4QY7ePIJCoGa8N
=Be30
-----END PGP SIGNATURE-----