[Discuss] TrueCrypt EOL, what's next?

Bill Bogstad bogstad at pobox.com
Fri May 30 14:07:46 EDT 2014


On Fri, May 30, 2014 at 12:50 PM, Bill Ricker <bill.n1vux at gmail.com> wrote:
> two minor corrigenda -
> * I'd read earlier the new binaries are signed with a new signing key, but
> that it was provisioned from same CA previously used, prior to the fraca,
> because old key was expiring, so not particularly suspicious, but rather
> best practice. (One might like to see the new key signed with the old but
> who remembers to do that.)

Anybody who cares about security?   This seems very odd to me.   Why
bother to get a new key
if you are going to just stop using it soon anyway?   The fact that is
from the same CA means not much
more then the check cleared.

Bill Bogstad



More information about the Discuss mailing list