-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

New OpenPGP certificate for dkg, 2021
=====================================

Two years ago, I transitioned to a new OpenPGP certificate.  As 2021
begins, I'm transitioning to a new one.

A reasonable observer might ask, why not just update the expiration
date on the primary key and rotate to new subkeys?  That's what I
should do, but it appears I have put my master secret key in storage
that is so secure (or so broken) that even I am unable to access it.
Ugh.

You know my old OpenPGP certificate as:

```
pub   ed25519 2019-01-19 [C] [expires: 2021-01-18]
      C4BC2DDB38CCE96485EBE9C2F20691179038E5C6
uid          Daniel Kahn Gillmor <dkg@fifthhorseman.net>
uid          Daniel Kahn Gillmor <dkg@debian.org>
```

My new OpenPGP certificate is:

```
pub   ed25519 2020-12-27 [C] [expires: 2023-12-24]
      C29F8A0C01F35E34D816AA5CE092EB3A5CA10DBA
uid           [ unknown] Daniel Kahn Gillmor
uid           [ unknown] <dkg@debian.org>
uid           [ unknown] <dkg@fifthhorseman.net>
```

In previous transitions, I've had my old OpenPGP key certify the new
certificate.  Sadly, I can't do that this time around, due to the
effective destruction of my old primary key.

If you've certified my old certificate, I'd appreciate your certifying
my new one.  Please do confirm by contacting me via whatever channels
you think are most appropriate before you re-certify, of course.
Sadly, in-person verification (my preferred form, because I like
seeing people) is likely to be constrained by the COVID-19 pandemic.

At the start of 2021, I will publish the new certificate to
[keys.openpgp.org](https://keys.openpgp.org) and to the SKS network,
though that network is failing.  I will also publish it to [my
personal website](https://dkg.fifthhorseman.net/dkg-openpgp.key), and
eventually via WKD for both the `fifthhorseman.net` and `debian.org`
zones.

If you use GnuPG, you can fetch it like this:

    wget -O- https://dkg.fifthhorseman.net/dkg-openpgp.key | gpg --import

A copy of this transition statement signed by both the old and new
certificates is available [on my
website](https://dkg.fifthhorseman.net/2021-dkg-openpgp-transition.txt),
and you can also find [further explanation about technical details,
choices, and rationale on my
blog](https://dkg.fifthhorseman.net/blog/2021-dkg-openpgp-transition.html).

-----BEGIN PGP SIGNATURE-----

wrwEARYKAG8Fgl/uf4gJED6dcXNx3lZcRxQAAAAAAB4AIHNhbHRAbm90YXRpb25z
LnNlcXVvaWEtcGdwLm9yZwzJSttpALIHpu67JEmES042jXhzXLwfRtRpCDYZiksT
FiEELbVJHJ3w3I9DKGPPPp1xc3HeVlwAAC5IAPdJfTgfQ8VNpN4VvtrXBlLihzJr
VIElPNJ7yDQ/faJpAP9o+4X6Ugmjf6jeWBV+z2/Ae6C7zxerMpGjm12VVnWuB8K9
BAEWCgBvBYJf7n+ICRDEDyVUMvKBD0cUAAAAAAAeACBzYWx0QG5vdGF0aW9ucy5z
ZXF1b2lhLXBncC5vcmehJ2Y0CnONpySASxRwALmSHfaQ4Xmc4WANH1PbKN7xXxYh
BCy/rHZRqpAnNj51ccQPJVQy8oEPAACxZwEAh60bRrak2p0DQusjWsC3vgh5yc/B
8gCJHGol0CUSm6AA/jrKel2uUWfw0CthOqaElmYRp5+MiL5rabVKsB7UIb0A
=lTzo
-----END PGP SIGNATURE-----