I've been generally refreshing my crypto keys and practices lately (new, stronger disk encryption configurations, new SSH keys, etc.), and I've finally worked my way around to PGP keys. I've had a number of PGP keys over the years (four that I still have tabs on, and three that remain relevant), and generally, I feel, managed them well. However, I've never had a coherent, published key management policy; with this new key, I have produced one.
The new key ID is A1A8 ED0E, and it is available here as well as on the common key servers. The related policy is here, signed by the key. It applies from here forward to my previous key, 771F C72B, but obviously cannot be applied retroactively. My older but still relevant key, 883C 1C14, has been revoked and should not be used for any purpose other than verifying preexisting signatures (for which it is valuable, as it is moderately well-connected).
Both of my active keys (771F C72B and A1A8 AD0E) as well as my key management policy are now linked from my home page.
In other news...
Geoff Lane introduced me to Keybase, a social-media-inspired public-key crypto identity and management interface. It consists of a web service with both a web site and a CLI frontend that ties together social media accounts (right now, just Twitter and GitHub) with PGP keys. Users can be looked up by their Keybase username, their identity verified either via PGP key or Keybase ID, and their associated social media accounts thereby verified. The command line client offers a simpler interface to PGP encryption and authentication, assuming you plan to communicate with other Keybase users.
I'm not sure what I think of the system, yet. It's not exactly a key verification system; it appears that verification and signatures are based not on the other user's crypto keys, but on their Keybase ID, which includes their key ID among other fields. This means that it doesn't directly extend the web of trust. On the other hand, it's probably good that it doesn't directly extend the web of trust, because key verification is rather abstracted and the interface almost encourages verifying users by their social media identity rather than their key identity. It also appears to be able to track only one key per user.
That said, Geoff and I had a conversation recently about how difficult and opaque key verification and building crypto relationships are, and this platform shares some features with the ideas we discussed. It will be interesting to see what kind of adoption it sees and, critically, what kind of email/etc. integration appears. For now, they're in alpha stages and it's too early to tell. I can say that the web interface is slick and the social media account verification tools are interesting. (Basically, you post a proof-of-identity JSON object signed by your PGP key, or a digest of it in the case of Twitter, to a public place on the social media network, and Keybase then verifies it.)
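To make the proof mechanism concrete, here is an added example (my own illustration, not Keybase's code or schema) of the exchange just described: the user signs a small JSON statement naming their Keybase username, key fingerprint and social account, publishes it, and the verifier checks the signature under the key it already holds for that user and checks that the statement was actually published by the account it claims. Ed25519 from the Go standard library stands in for PGP so the block runs without gpg; the `Proof` field names, the usernames and the in-memory `Post` are all constructed assumptions. The last check is the one that matters for the "social identity vs. key identity" worry above: a valid signature alone does not prove the poster controls the social account, only that someone with the key signed the text.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"errors"
	"fmt"
)

// Proof is a constructed stand-in for the JSON statement a user signs and
// posts publicly. The field names are assumptions, not Keybase's real schema.
type Proof struct {
	KeybaseUser    string `json:"keybase_user"`
	KeyFingerprint string `json:"key_fingerprint"`
	Service        string `json:"service"`
	ServiceUser    string `json:"service_user"`
}

// Post models what the verifier fetches from the social service: where it
// was found, which account actually published it, the proof text, and the
// detached signature over that text.
type Post struct {
	Service   string
	Author    string // account that really published the post
	Body      []byte // canonical proof JSON exactly as signed
	Signature []byte
}

// fingerprint is a hex SHA-256 of the public key, used the way a PGP key
// fingerprint is used in the real proof.
func fingerprint(pub ed25519.PublicKey) string {
	sum := sha256.Sum256(pub)
	return hex.EncodeToString(sum[:])
}

// MakeProofPost builds the signed statement a user would publish from the
// account postedBy (normally the same as serviceUser).
func MakeProofPost(priv ed25519.PrivateKey, keybaseUser, service, serviceUser, postedBy string) (Post, error) {
	pub := priv.Public().(ed25519.PublicKey)
	body, err := json.Marshal(Proof{
		KeybaseUser:    keybaseUser,
		KeyFingerprint: fingerprint(pub),
		Service:        service,
		ServiceUser:    serviceUser,
	})
	if err != nil {
		return Post{}, err
	}
	return Post{Service: service, Author: postedBy, Body: body, Signature: ed25519.Sign(priv, body)}, nil
}

// VerifyProofPost performs the checks that bind key, Keybase name and social
// account together. pub is the key the service already holds for keybaseUser.
func VerifyProofPost(pub ed25519.PublicKey, keybaseUser string, p Post) error {
	if !ed25519.Verify(pub, p.Body, p.Signature) {
		return errors.New("signature does not verify under the registered key")
	}
	var pr Proof
	if err := json.Unmarshal(p.Body, &pr); err != nil {
		return err
	}
	if pr.KeybaseUser != keybaseUser {
		return errors.New("proof names a different Keybase user")
	}
	if pr.KeyFingerprint != fingerprint(pub) {
		return errors.New("proof names a different key fingerprint")
	}
	// Binding to the social identity: the statement must have been published
	// by the very account it claims, on the service it claims.
	if pr.Service != p.Service || pr.ServiceUser != p.Author {
		return errors.New("proof was not published by the account it claims")
	}
	return nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	good, _ := MakeProofPost(priv, "elb", "twitter", "elb_example", "elb_example")
	fmt.Println("own post:", VerifyProofPost(pub, "elb", good))
	// Constructed failure: the same signed statement reposted by another account.
	relay := good
	relay.Author = "someone_else"
	fmt.Println("relayed post:", VerifyProofPost(pub, "elb", relay))
}
```

The relayed case returns an error even though the signature is perfectly valid, which is exactly why the verifier has to fetch the post itself rather than accept a pasted signature.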
In the meantime, my Keybase ID is https://keybase.io/elb. If you receive an alpha account (or the service goes public), please verify me and connect.