-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512,SHA1

GnuPG key transition statement
==============================

I am transitioning my GPG key from an old 1024-bit DSA key to a new
4096-bit RSA key. The old key will continue to be valid for some time,
but I prefer all correspondence to use the new key from now on.


Motivation
~~~~~~~~~~

tl;dr: Debian wants new keys and I always wanted an air gap between key and
networked computer. I now have both but spent too much time for this.

As you probably have guessed, the reason to finally move to a new key is this
announcement:

https://lists.debian.org/debian-devel-announce/2014/08/msg00015.html

I also fear that the key might be broken but I do not believe some big
agency spends massive amounts of computational power to break into Debian.
They probably could use much easier means to get in.

Of greater concern to me is the possibility that the private key could get
extracted from my computer by either a break-in via the network connection
or somebody who got physical access. We all think our systems are safe, don't
we? So was Sony, I guess.

So this prompted me to finally get my private key off my computer. If anybody
cares, the key now sits on a FSFE Fellowship Smart Card. It wasn't as easy
as I expected to set this up so I spent all my at-home computer time for weeks.

Real life stopped me before sending this transition statement. Anyway, I feel
better now given that my old key used to sit on a floppy disk until that was
unusable and ended up being stored in my $HOME, albeit encrypted.

If anybody tries a similar setup and runs into problems, I would be glad to
help. It also would make the time spent look less like a waste.


Signing request
~~~~~~~~~~~~~~~

To certify the key transition, this transition statement is signed with both
the old and the new key.

I would appreciate it if you could sign my new key so that it is well
integrated into the web of trust, provided that your personal signing policy
permits it. I'm fully aware that you may not sign based on transition documents
and I certainly respect your decision and won't pester you again.


The old key was:

pub   1024D/0x750807B5551BE447 1999-03-23
      Key fingerprint = 820F 6308 F2B0 8DA2 4D3E  C20E 7508 07B5 551B E447
uid                            Torsten Landschoff <torsten@debian.org>
sub   1024g/0xB1B79D0327BE2E11 1999-03-23

The new key is:

pub   4096R/0x308355FA32C5067D 2014-10-16 [expires: 2016-10-15]
      Key fingerprint = 8A4D 01D9 83DF 73C5 1DCC  745B 3083 55FA 32C5 067D
uid                            Torsten Landschoff <torsten@landschoff.net>
uid                            Torsten Landschoff <torsten@fsfe.org>
uid                            Torsten Landschoff <torsten@debian.org>
uid                            Torsten Landschoff <t.landschoff@gmx.net>
uid                            [jpeg image of size 15017]
sub   4096R/0x1E5F95A7863B7C77 2014-10-16 [expires: 2016-10-15]
sub   4096R/0xEF9AC6A0E3AC040E 2014-10-16 [expires: 2016-10-15]
sub   4096R/0x8E02CF8DD72A8A42 2014-10-16 [expires: 2016-10-15]

The new key is available from the gnupg keyservers. To retrieve the full key
you can run

    gpg --keyserver keys.gnupg.net --recv-key 0x308355FA32C5067D

If you have already validated my old key, you can now verify that the
new key is signed by the old one:

    gpg --check-sigs 0x308355FA32C5067D


If you are satisfied that you have the right key, I would appreciate it
if you would sign my new key and send the signature to me by email. You
can perform the signing using gpg directly:

    gpg --sign-key 0x308355FA32C5067D

If you have a functioning MTA on you system, you can send me the new
signatures by email:

    gpg --armor --export 0x308355FA32C5067D \
        | mail -s "NEW signature" torsten@debian.org


Please contact me via e-mail at <torsten@debian.org> if you have any
questions about this document or the key transition. A copy of this
transition statement can be found at:

https://people.debian.org/~torsten/2014/key-transition.txt

2014-12-20
Torsten Landschoff
torsten@debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBCgAGBQJUlZpvAAoJEB5flaeGO3x31sEP/0LwQvSl2MhI3M0sBaTS28Em
OPFvlXuVxYSM0baMB3YmfPjvOpbHdY6Otk/lD6JUonWFKqHv+50mXRkPCUfS3zlj
BD+3Tlx4D4aG0zyEBU1ieEG5FStX/Skkt68OEamNT8LKeqFeup3zSDCivIkAWMbH
qLSoBc3GOZfSB/griZg2afFNIJrg6E/rdNJ4vSiCrLA+Q88YvgtZNJC8YMpU1d73
IcsWQQydtqWFwi5GCboEsRo5r2BaKPnj62B4cD1ovoY3F603fBkCNThuXL3sLrOO
EeAPNOwbe2yov+iyQRA1XKFIQPk708fPxplcOQQYbu3teU3paP4n8IiYeQ6OoOGo
4rhquHn8+ISLFVDivg/BH/NZy6HRDQmSe2sj8NvBw4kms3qh9SOrAmKuOHFvVxIT
1vbIeCBf/DjS8EYZWwPZu77w0gDaeHAjhzgj65ed574R2Pt2ENyES0U19oaILPrB
3GcxJ/4yaRDsSk1a9bvvE5Sed3b2/2PhuOFOMsYz0fB1cUYGTyH2pxlj52Je7L22
oLEb1LHfn78Azzp1lgo2A/dWwtdBQxw+FERKMwW43z5mmWX3T0QwLB2dTIGT6wXh
QNwgEJUruHfKW2I7GuIQG6nmoxr/ZyKIzno/XNBeiz5ZEw8vtYgB+2hFB9Vs8DZa
kHMvkA+mkoGqkJVekzWQiEYEARECAAYFAlSVmnsACgkQdQgHtVUb5Ec38gCfSx6D
08yYp5MJ6j4Q0XTTRhF1F6cAnRnSY2CgxcQyEctSohUYmIrHGlQi
=K6lG
-----END PGP SIGNATURE-----