-----BEGIN PGP SIGNED MESSAGE-----   
      
      
    PKEY_DROP Echo Guidelines:                               rev.  2 JUL 01   
    Posting Frequency: 1st and 15th of the month.   
    -----------------------------------------------------------------------   
      
    KEYNOTES:   
       
    ONE-   
       
    If you have generated a public-key of 1024 bits with 2.3a or later   
    versions of PGP, you probably don't need to revoke the old one and make   
    a new one. This is particularly true if your key was made with any of   
    the 2.6 generations. If you're worried about getting 2.6.2 or later on   
    your key, don't make a new one, just re-export your public-key with the   
    newer version of PGP using the standard key export command:   
       
    PGP -kxa youruserid youruserfilename   
       
    and then copy the new copy of your public-key to your file directory so   
    people can file-request or download it.   
       
    TWO-   
       
    MAKE SURE you distribute the PUBLIC-KEY ONLY! Every so often a neophyte   
    will put his/her secret-key into circulation. That's BAD!   
       
    THREE-   
       
    When making your first public-key pair or a new public-key pair, go for   
    the 1024 bit size. Don't make your key any more vulnerable than you   
    need to regardless of how long it takes to compile it. If you go for   
    the 2K size key, keep in mind that 2047 bits is NORMAL for the stock   
    PGP.   
       
    FOUR-   
        
    MAKE SURE you put all your possible userids on your public-key after   
    you generate it and before you circulate it for use and/or signatures.   
    It is especially important to be sure that your standard User Name is   
    on there EXACTLY as it appears in the From: line on your Netmail and   
    Echomail. This makes it much simpler for folks to encrypt to your name   
    as detected in a reply.   
        
    It also makes life simpler if your Netmail name, your public-key name   
    and your FidoNet Nodelisting name are all the SAME name!   
        
    FIVE-   
        
    It is recommended that individual, public-keys be made available via   
    Netmail or by file-request with the magic filename: PGPKEY and that the   
    public-key provided for that request by given a distinctive filename   
    using part or all of each provider's name and address. For example, on   
    my system, a file-request of PGPKEY will give MFLKEY.ASC to the   
    requesting system. A magic filename of KEYRING will yield my working   
    Public Keyring as MFLPUB.PGP. INETRING will give you PUBKEYS.PGP which   
    is a ring i downloaded from one of the large public keyservers some   
    years back. This will avoid duplicate overwriting and make it easier   
    to track the keys. Using standard magic filenames will make it easier   
    to find keys and keyrings on different systems.   
        
    [NOTE: PGPKEY is usually the magicname for the SYSOP's public-key on a   
    given system. Users may ask their Sysops to make the User keys   
    available by specific filename the User can advertise.]   
        
    SIX-   
        
    DO NOT SIGN someone's public-key UNLESS you have obtained it directly   
    from them or their system under password or by direct file-request.   
    Signing the keys of others without knowing those keys came from who   
    they claim to be from dilutes the web of trust. You do not have to sign   
    a key to add it to your keyring.   
        
    SEVEN-   
        
    IF you are going to upgrade your key size from smaller to larger, be   
    sure to sign your new key with your old, established key FIRST and   
    BEFORE you revoke your old one. It will give you a head-start on   
    trusting the new one. If you don't know how to force PGP to sign [or do   
    any other key feature] by KeyID number instead of UserID, just remember   
    to preface the KeyID with 0x and PGP will know which key you mean to   
    use for any specific operation.   
       
    SPECIAL NOTE ---   
       
    If you lose your secret-key password [or forget it] or your secret-key   
    in a drive crash [because you failed to back it up on floppy], you   
    cannot issue a revocation certificate. In that case, you should make a   
    general announcement in all related Echos that your old key should be   
    disabled using the PGP disable command [PGP -kd userid] for your   
    userid. That keeps your useless key on their keyrings [so they won't be   
    replaced from other lists who didn't get the word] and permits them to   
    add a new key from you without one interfering with the other. BACKUP!   
    BACKUP! BACKUP! [clear?] [grin]   
        
    This Echo is available on the Zone 1 Backbone. This Echo has been   
    Elisted since ELIST211. Please feel free to announce this Echo to all   
    interested participants in your area.   
        
    Thanks.   
      
    Mark Lewis, 1:3634/12, wkitty42@alltel.net   
      
    Conference Moderators   
      
      
   -----BEGIN PGP SIGNATURE-----   
   Version: 2.6.2   
   Comment: Privacy is a right to fight for.   
      
   iQCVAwUBO0SvmJsj1FW2DCDFAQH8iAP9HZzErX4NaSvkMcg4tolk/X2Z4Kf8hx+l   
   m3Clq1evryFwH9MEe0dRk5yYjaOpM23CcuM3uonegHEB8HKzUVE3+fcxsXKGmdLP   
   whvlRiZvOVDZRvCwBkpTIPoyfpg6+Bt1VGbUn0LxFqpq20hf/mbYB57bLAXkFSv4   
   byG6uvHowpw=   
   =M9Du   
   -----END PGP SIGNATURE-----   
      
    * Origin: (1:3634/12)