Is there any danger in revoking my current email address / user name in my GPG key, and then adding a new email and user name?
I guess I'm wondering if a vendor who I've ordered from previously would notice the change and become alarmed?
Or would it be best to just generate a new key with a new user name and email?
Any vendors are welcome to chime in if I'm wrong, but I don't think vendors keep track of customer PGP keys, or give a shit if they change. Why should they? It makes no difference to them whether you're the same person who placed order XYZ123 a few weeks ago or not.
It's pretty rare for a vendor to actually need to use a customer's PGP key for anything, anyway. Come to think of it, I'm not sure if I've ever had a vendor send me encrypted messages about an order.