-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 I am transitioning from an old OpenPGP/GnuPG key to a new one. The old key is this: pub 4096R/3B972754 2015-04-12 [expires: 2016-04-11] Key fingerprint = 2970 DF22 3556 3364 7EC6 4E59 6E20 DFF0 3B97 2754 The new key is this: pub 4096R/86AC2D96 2015-12-13 [expires: 2016-12-12] Key fingerprint = C5FF C707 2E7E 54E3 52A0 28E5 2721 FAA2 86AC 2D96 I am planning to keep that new key for a long time and extend its validity yearly about three months before the expiration date. The main reason behind this transition is the YubiKey NEO OpenPGP security vulnerability published 2015-04-14 (CVE-2015-3298). I am replacing my old YubiKey with a new one. While I'm at it, I'm setting up my key management completely from scratch in a more stable and less hackish way. The old key has not been used extensively, and even though there are no indications that it has been compromised, I will replace it with the new one in order to have a fresh start. The old key will be revoked in 2016 (or expire on its own), but I prefer all correspondence to be encrypted with the new one. I will not be signing anything with the old key anymore. I was planning to sign this transition document with both keys to validate the transition. However, it proves rather difficult to use two YubiKeys to create a combined signature in a single GnuPG call. Therefore, the document is only signed with the old key. I've also used the old key to sign the new key. I will not sign the old key with the new one, since I want people to _stop_ using it instead of giving it more credibility. Please contact me if you have any questions. Tim Weber - scy@scy.name - Twitter: @scy 2015-12-14 -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQEcBAEBCAAGBQJWbgJDAAoJEHtObIj8FJG6BWQH/Asb9iBnyHVjSlRB6d2ObSaz o4isHp3xqKcyyUt3K6UCaURVjXBKufXMazcIUsPmB9UxenDuh3iky+jXJPE/AVnp jtug6bFioNtKi9irebeSXFcHb7sHkRV9iLNRPQQULbXrn59ux+PR9xG7itaeFrJt xAZaHvC4DUxQ+0g6mskSVhP9f8VeWz8XEuod+HA2PoVDUFLmJCtVHNh3uv8KQBrW RIAhNp9w2BhhuUR52CATmaSsUDRiivYt7EIxIDGl0vRhFdi47YyV+hFUG355fkAM 0JN0bVFn0wYLyP/KsBzdqi+OOQ/yDnFidiOH1H4xzXV0uGrRT8Zgxyi4ZsUZ05I= =+e+f -----END PGP SIGNATURE-----