Yea, but how do I know you control that anymore either? Back to trusting central authorities, but that’s certainly a way around the problem. Not a perfect way, but I can be reasonablly sure that Linus owns Linus Tech Tips, and if he says from there that his key leaked, it’s probably true. But then again, his site has been hacked before. Heck, even then he has to convince everyone to follow his new key. That’s no small task.

Keeping your shit secure is hard. I’m mostly using Android for this stuff at the moment and I have no trust that anything I do here is secure. Copying it to the clipboard, as these apps do, may be enough to have the key compromised.

And, maybe, I’d like to keep a copy of my key on my person via flash drive. Flash drives get lost sometimes. People get mugged. Even if my key is encrypted on the drive, I have to treat it as if it’s compromised.

Or perhaps I have a print out in my files. Files get stolen sometimes. And for big time content creators, all threats increase as the keys are more valuable than some rando’s.

So we have many software threat vectors and some physical ones. Mehbe my app gets compromised, they push an update, everyone’s keys start getting yanked. It happens. We need disaster recovery options. Until we do, everyone’s reputation on the system is at risk.