-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256,SHA1

Fri, 08 May 2009 14:21:29 +0100

In light recent new attacks against SHA-1 [1,2], and the NIST guidance on
1024 bit keys and SHA-1 hashes [3,4], I have decided to move to a new 
OpenPGP key of a larger size. As such, I will be slowly transitioning
away from my old key.

My old key will continue to be valid for some time to come, but I'd
prefer all new correspondence to use the new one. I'll also be switching
my outgoing signatures (email and code) onto the new key. For this
to work well, I'd like my new key to be re-integrated into the web of 
trust. So, I've signed this message with both the old and the new
keys, to certify the transaction.

the old key was:

pub   1024D/4CEED75F 2004-03-24
      Key fingerprint = 3C68 EF05 28E8 B624 DFA8  BADD F5C2 6016 4CEE D75F

And the new key is:

pub   8192R/D84E41AE 2009-05-08
      Key fingerprint = FF14 C33A 5A2E F27C 9C17  8824 8AAF 88D6 D84E 41AE

To fetch my new key from a public key server, you can simply do:

  gpg --keyserver pgp.mit.edu --recv-key D84E41AE

If you already know my old key, you can now verify that the new key is
signed by the old one:

  gpg --check-sigs D84E41AE

If you don't already know my old key, or you just want to be double
extra paranoid, you can check the fingerprint against the one above:

  gpg --fingerprint D84E41AE

If you are satisfied that you've got the right key, and the UIDs match
what you expect, I'd appreciate it if you would sign my key:

  gpg --sign-key D84E41AE

Lastly, if you could upload these signatures, I would appreciate it.
Please could you just upload the signatures to a public keyserver directly:

  gpg --keyserver pgp.mit.edu --send-key D84E41AE

Please let me know if there is any trouble, and sorry for the
inconvenience.


Thanks
	Nick

[1] http://eurocrypt2009rump.cr.yp.to/837a0a8086fa6ca714249409ddfae43d.pdf
[2] http://www.debian-administration.org/users/dkg/weblog/48
[3] http://csrc.nist.gov/groups/ST/hash/statement.html
[4] http://csrc.nist.gov/publications/nistpubs/800-57/SP800-57-Part1.pdf

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iQQVAwUBSgQx6u9mpuMYxMsAAQhAAh/9H+JfIdG2WRS5km8VX+DJ616yGlgfV9Xr
DwAgAPUa+K3dvbemXjczDMZEKlPXTTvEi7RJ3abyaPGJ6WQWSkl3A4aII0Sk73wj
gs0jLAJbv0sFpI8jLqMzX7D5TOvW/yTzf+p3wR5SQUX6+ip5swPODKZ0iaBCVn33
j0AOZFhLRaccsAYNUcvV5zf92bON6FawN2XZSjghSk35Xdi1bSE2L2OQhFSc5A1k
AKNrkbHcE+8ws64C8zrVoTucOHR6li+KfmvEp2cSImeMwrZCrripcvdVS3+//MO8
KxnkEx3IHPUjxI1mRETjFIhNX0HQBDqWMjZ3H+ZxYWQuCIDc3mtWvGvDBZrqWWbr
WmpEPiZBKzcQL5LuHUNilF8fFHaI3jZoJ4+fUZL/hdAXzY81m5jhfbqXbNWxGd+N
AORchCSjKadJdriJRqm4mEFV64BA0TnMQFWItob6I8JVAh+9EaJCio8jQGFjuSzc
xe/D7BwCYPD0ArLyaSn+pZsq2U68Yxvcfs5V390IkjxlelVFUGAQEk+0Z1R9hJln
o3UL60Hy4NB+DeMZevZJGEpG4D725CnBBBZHpesCPGBuMVcIk03BEPtWD6+fOHos
MCCpMny3wXbC+VawryqUyFXiE8T8dcOAsd9SL6MexZ0lv8Uw4khEPGg/WSSCWgD9
FWsDd9NezCtZ6TDN8hGpYdApx50PxQcd5HEbxaAi/C+q9NfOA2WAfPtDl5ZTqJ+P
fQeFD7HDPaJdh1gJr+o87HYFeIzFPwxbJraLX/QKKT7Jnht4Uln8icZFZJnGXZq4
r7An5BmzOUjzDCZO/Pp1shGWls2V8DDpFzSmKw7x4IHXtFJmRiaHDAFAH8StOd5l
rSvGhtqXEJ8RemJTjL04V6RejCRNNnDm6x3HNIK34r3hgAgmknU2iqa1AZQMYv2F
qZmsWEsx57J5F7+eCN50O6dc/1T8jrVFaZLCVrVPJZzRUt4hUDFJesfIiOzdwet0
gJ4tfgC/+/aAPzYxfmrP0zDoU8E64aVeLe+sY3bPZN9KuFzWYpLDe+b17rWCweAh
eOFo7NrfuVHyBI+DWhNag98t56+6zxSprzL/MPwTMgHluOXjXPT6pMnbBuBOtYNG
q62sn/7kJ3jnqNq+IVqcfJCgG9qAqvDACO2hDhlq24hAtg61eBfNtRsc0rP0OlCR
1HhK1nc4NVLgU8Xttvj/PRBKiqrkJE4HiDPC3mwMDkq1j1LPwT9qgZSUnSSTJdSV
/fxwr+Z2Ge64zZd1sH62m9uhtJNnh8cypkIFPgFMaZtOTnIDTPpPT+N7OLna23EF
Lp1/0vG+brOd6W4geKYfB0zGCHe2/y9TDmntG9Uk8Pvq0+g5l8YvUIg/AwUBSgQx
7PXCYBZM7tdfEQKmIwCcCj9TjQ2WCqXDTANnA5Ao0sugwokAoKQG30HXtVar8zTv
olYzAnR3SFhm
=/FjF
-----END PGP SIGNATURE-----