If a vendor posts a new public key, without making any sort of announcement, what would you do?
I considered sending a message using the old key to see if they could respond to it and confirm they had a new key.
If I knew PGP inside and out, I feel I could somehow ask them to sign the new key with the old, but I'm not sure how I could verify that (using Tails).
Or what if they just said they lost the old key? Would you no longer trust them? Thanks in advance for your advice.
Edit for more info:
They briefly had a message up announcing "new pgp key" that they removed in less than a day. Also, the new key coincided with them pulling their listings down, taking some days off and coming out with new listings (same stuff, slightly different dosages for the most part).
If they change keys, they better have a good reason and a signed message with the old. With my level of paranoia I wouldn't ever consider that vendor again. Could be compromised, or dumb enough to lose a private key. Either or, I don't want them handling my drugs.