-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1,SHA256

2009-07-31 13:00:00+01:00

I've recently set up a new RSA-based GPG key, and will be transitioning
away from my old DSA-based one. The old key will continue to be valid
for some time, but I prefer all future correspondence to use the new
one. I would also like to ensure that this new key is well-integrated
into the web of trust. This message is signed by both keys to certify
the transition.

The old DSA key was:

pub   1024D/10FA4CD1 2001-08-19
      Key fingerprint = 8731 7259 4310 3804 9C92  C139 F6DD 3302 10FA 4CD1

The new RSA key is:

pub   4096R/7D86500B 2009-07-28
      Key fingerprint = AC0A 4FF1 2611 B6FC CF01  C111 3935 87D9 7D86 500B

To fetch my new key from a public key server, you can run:

  gpg --keyserver subkeys.pgp.net --recv-keys 7D86500B

If you already know my old key, you can now verify that the new key is
signed by the old one:

  gpg --check-sigs 7D86500B

If you don't already know my old key, or if you're extra-paranoid, you
can check the fingerprint against the one given above:

  gpg --fingerprint 7D86500B

If you have previously signed my old DSA key, and if you're satisfied
that you've got the correct new RSA key, then I'd appreciate it if you
would sign my new key as well:

  caff 7D86500B

The caff program is in the signing-party package in Debian and its
derivatives, including Ubuntu. Please be careful to generate signatures
that don't rely on the weakening SHA-1 hash algorithm, which requires
some careful configuration even if you've already configured gpg
correctly. See http://www.gag.com/bdale/blog/posts/Strong_Keys.html for
the gory details.

Thanks,

- -- 
Colin Watson                           [cjwatson@chiark.greenend.org.uk]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Colin Watson <cjwatson@debian.org> -- Debian developer

iD8DBQFKct2v9t0zAhD6TNERAhZeAJ4s6YxBUr7JieidX3JlrHsfbAlx/ACeJPdV
PabAjKm4fd1L4Jf+C+QGOiSJAhUDBQFKct2vOTWH2X2GUAsBCGtfD/9o1G0Lbq9L
VMA0T5d/t/fGN0e0KU17CJVeatJNwGaYYRvr32Mq7dfP1bSL/wEheeJO/wCRNc+Z
KFNVwforuUXCPJSvjLL1zGz8J6UKLEybxeM0Fhv/tPeCiQlXaWV17YN1mSfRRFF3
uXDBIiqMSs5ujZwnxfc66+RktQW8UmwFduu9oGB0lzi1pZSf9FvDE0eEQ7me080I
loec0CB5wjJjqF5eej41ANta2xiJRiC59FKNbfwDsny338DVYzxUyh45F5UXmGxd
bT2W0p7tthfvZS2LzsAQPsqiF/FbARyBZkxIRnMp03eSA2a6cgL7nIl4n1HeVSWE
CSRUx0FjOyfKXFJcbIhmLR4/SHDL0sDm0O4r/Y1XiDyDGrnDp4D3YyOFgJyngZ09
teSkP/N875Au8vr9VKvg1dl3ID7+UpYWxUIQTqTKYdcLRootdSWKW7XXWZH+IXJu
QaCQpy48nlmcsIQ6nH8xUYMGK/8jINV4WfZ+Dv0Z1WADFEItjz4RwElZPPBZRRFW
IyHa/gKgtSCw9GzU0Of3GW/GtgD/IvyEn9uWpGzJ87VeMCXh2t8qBcLmNeFoWt8A
zGHr1yo/yTTuKQHiWPTnw/iEsCbahEn5TldwlkqT0IPAe6RPl9jTCwr+3KNF8Y+R
KKOeucQMC9hqs7hnCgKMQfhzAUYQNvgVrQ==
=oSqy
-----END PGP SIGNATURE-----