17 October 2016

Hello.  Nick Mathewson here.

I am changing my PGP public key. I have started using the new one
below and I will stop using the old one[1] some time around January
of 2017.

I am signing this with my old key so that nobody freaks out.

The new key is:

pub   4096R/FE43009C4607B1FB 2016-09-21 [expires: 2019-09-21]
      Key fingerprint = 2133 BC60 0AB1 33E1 D826  D173 FE43 009C 4607 B1FB
uid                          Nick Mathewson <nickm@alum.mit.edu>
uid                          Nick Mathewson <nickm@wangafu.net>
uid                          Nick Mathewson <nickm@torproject.org>
uid                          Nick Mathewson <nickm@freehaven.net>
sub   4096R/6AFEE6D49E92B601 2016-09-23 [expires: 2018-09-23]
sub   4096R/91DDED0286AC8BFF 2016-09-23 [expires: 2018-09-23]

My old key was:

pub   3072R/21194EBB165733EA 2004-07-03
      Key fingerprint = B35B F85B F194 89D0 4E28  C33C 2119 4EBB 1657 33EA
uid                          Nick Mathewson <nickm@wangafu.net>
uid                          Nick Mathewson <nickm@alum.mit.edu>
uid                          Nick Mathewson <nickm@freehaven.net>


My old key has not, as far as I know[2], been compromised.  I am
replacing it because I although I still have the subkeys, I have
discovered that I no longer have access to the old primary key[3],
so I cannot replace the subkeys or migrate them to a smartcard, as
best practice would indicate.


If I meet you in person and authenticate this new key to you, please
feel free to sign it!  If I don't, and you sign it anyway, I will
put you on my list of Silly People Whose Signatures Are Not To Be
Trusted.

This message has been signed with my old key and my new key.


[1] Possibly revoking it, if I can find the certificate, and if that
    turns out to be a good idea. I am worried about all the old
    signatures that I generated on things which would then become
    invalid.

[2] I can't construct a plausible[*] vector for compromise of the
    old primary key that doesn't involve some kind of Bad Guy with
    physical access to my home cracking dmcrypt, cracking gpg's
    secret key encryption, and/or guessing the long and difficult
    passphrases I used for each.  Additionally, I have seen no
    evidence that anybody has been reading my mail or forging my
    signatures. So that's good.

[3] My security on the old primary key was too good, and I have
    forgotten at least two crucial passphrases.  Whoops!

[*] Yes I do know about keyloggers and EM.