At Parity we’re always looking for ways to improve our security. As phishing exploits continue increasing in sophistication, we have been thinking about how to ensure the trustability of our critical security messages.
We receive critical security messages through firstname.lastname@example.org. In order to ensure that the recipient can trust that we are the only receiver of these emails, they encrypt their message with GPG keys, which enable signing and encrypting emails.
GPG keys have a two-year lifespan and it’s possible to extend the lifetime of the keys. However, when facing the end of our email@example.com key lifespan, out of an abundance of caution we decided to issue a new key instead of extending the existing key.
The keys are available on SKS pool, as well as on keys.mailvelope.com and keys.openpgp.org independent keyservers. We suggest you try independent keyservers if you are not able to retrieve our keys from SKS because of certifications DoS attacks.
To learn more about GPG keys and how to set them up on your emails, check out this guide.
If you have any questions or want to discuss GPG keys, join the conversation at the Parity Watercooler chat.
Please find a signed version of this announcement in the following gist: https://gist.github.com/kirushik/61d317955652c4933514e5c73cb7c6be